授權請求故障

Question

我想在Sinch服務中提出conferenceCallout請求，但我遇到了簽名問題。我粘貼的代碼：

<?php 
//JSon Object 
$conferencia['method']="conferenceCallout"; 
$participante['cli']="46000000000"; 
$destination['type']="username"; 
$destination['endpoint']="roke1"; 
$participante['destination']=$destination; 
$participante['domain']="mxp"; 
$participante['custom']="customData"; 
$participante['locale']="en-US"; 
$participante['greeting']="Welcome to my conference"; 
$participante['conferenceId']="conferencia_de_prueba"; 
$participante["enableDice"]=false; 

$conferencia['conferenceCallout']=$participante; 

$data=json_encode($conferencia); 



$md5_body = base64_encode (MD5 (utf8_encode (json_encode($conferencia)))); 

$applicationKey="XXXXXX-xXXX-XXXX-XXXX-XXXXXXXX"; 
$applicationSecret="XXXXXXXXXXXXXXXX=="; 

$timestamp = new DateTime('NOW'); 

$StringToSign ="POST 
     ".$md5_body." 
     application/json 
     x-timestamp:".$timestamp->format(DateTime::ISO8601)." 
     /v1/callouts"; 

$utf8encode=utf8_encode($StringToSign); 
$hash= hash_hmac("sha256",$applicationSecret,$utf8encode); 
$base64=base64_encode($hash); 

$Signature =$base64; 
$Autorization = "Application"." ".$applicationKey.":".$Signature; 


$ch = curl_init('https://callingapi.sinch.com/v1/callouts'); 
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
curl_setopt($ch, CURLOPT_POSTFIELDS,$data); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
     'Content-Type: application/json', 
     'Authorization:' . $Autorization, 
     'X-Timestamp: ' . $timestamp->format(DateTime::ISO8601), 
     'Content-Length: ' . strlen($data)) 
     ); 

$result = curl_exec($ch); 
echo $result; 

?> 

但我得到錯誤代碼40102是40102-無效簽名。

任何人都可以幫助我嗎？我做錯了什麼？

最好的問候。

Answer 1

從他們的API documentation，我能夠創建此代碼生成一個符合他們的簽名。您應該可以修改它以使其與您的代碼一起工作。

<?php 

$applicationKey = '5F5C418A0F914BBC8234A9BF5EDDAD97'; 
$applicationSecret = 'JViE5vDor0Sw3WllZka15Q=='; 

$ts  = '2014-06-04T13:41:58Z'; 
$resource = '/v1/sms/+46700000000'; 
$timestamp = new DateTime($ts); 

$body = [ 
    'message' => 'Hello world', 
]; 

$message = json_encode($body); 

$md5 = base64_encode(md5($message, true)); 

$timestamp = $ts; 

$stringToSign = "POST\n" . 
       $md5 . "\n" . 
       "application/json\n" . 
       'x-timestamp:' . $timestamp . "\n" . 
       $resource; 

$signature = base64_encode(
       hash_hmac('sha256', 
          $stringToSign, 
          base64_decode($applicationSecret), 
          true 
       ) 
      ); 

echo $md5 . "\n" . $signature . "\n"; 
// jANzQ+rgAHyf1MWQFSwvYw== 
// qDXMwzfaxCRS849c/2R0hg0nphgdHciTo7OdM6MsdnM= 

Answer 2

我發佈了適用於我的代碼。

$phone ="+460000000" //Put the destination number here 
$key = "XXXXXX";  
$secret = "XXXXXX"; 
$message = $first_name . ', thanks you for signing in. We will text you when we\'re ready for you'; 
$phone = $phone_number; 

$body = json_encode(array('From' => $rented_number, 'Message'=>$message,)); 

$timestamp = date("c"); 

$path     = "/v1/sms".$phone; 
$content_type   = "application/json"; 
$canonicalized_headers = "x-timestamp:" . $timestamp; 

$content_md5 = base64_encode(md5(utf8_encode($body), true)); 

$string_to_sign = 
    "POST\n". 
    $content_md5."\n". 
    $content_type."\n". 
    $canonicalized_headers."\n". 
    $path; 

$signature = base64_encode(hash_hmac("sha256", utf8_encode($string_to_sign), base64_decode($secret), true)); 
$authorization = "Application " . $key . ":" . $signature; 

$service_url = 'https://messagingapi.sinch.com'.$path; 
$curl = curl_init($service_url); 
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    'content-type: '.$content_type, 
    'x-timestamp:' . $timestamp, 
    'authorization:' . $authorization 
)); 
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($curl, CURLOPT_POST, true); 
curl_setopt($curl, CURLOPT_POSTFIELDS, $body); 
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); 
$curl_response = curl_exec($curl); 
// @todo: checking response/working with results 
curl_close($curl); 

感謝drew010給你的幫助，真是太棒了！