Following the terrific advice provided by James Jones and using some tools available on the Web, I built a signature file, generated an HMAC-SHA-256 digest and had it base64 encoded. I then tried testing the access using Postman. Here's a screenshot of the Postman form:
I tested the HMAC digest generation and base64 encoding using James's example for testing and got exactly the same signature as he did. So I think the steps I used to generate the signature with our school's own, actual values should have worked. I pasted the API key after 'HMACAuth' in the Authorization header, followed by a colon, followed by the base64 encoded digest. I ensured that the Date was within 15 minutes of server time (well, I just used my current time, 9:48 ET, which I'm fairly sure is 15:48:00 GMT).
But, as you can see, what I got back was an Unauthorized message, and I can't figure out why. I've checked and rechecked the values I entered, but I think I must still be missing something.
Does anyone else have any ideas?
Thanks in advance,,