I want to access the APIs in QuickBlox, but before that we need to authenticate our apps and get a session token, and using session token we can access the other APIs.
But the problem is, when I send the authentication request using the required specification given on the QuickBloxwebsite, I am getting the error message:
{"errors":{"base":["Unexpected signature"]}}
The parameters to generate the signature is:
application_id=22&auth_key=wJHd4cQSxpQGWx5&nonce=33432×tamp=1326966962
And then we convert it in HMAC-SHA format:
hash_hmac( 'sha1', $signatureStr , $authSecret);
Please help me to resolve this problem.
I wrote code snippet on php, it generates signature. It works good
this is my test application's credentials:
$application_id = 92;
$auth_key = "wJHdOcQSxXQGWx5";
$authSecret = "BTFsj7Rtt27DAmT";
$nonce = rand();
echo "<br>nonce: " . $nonce;
$timestamp = time();
echo "<br>timestamp: " . $timestamp ."<br>";
$stringForSignature = "application_id=".$application_id."&auth_key=".$auth_key."&nonce=".$nonce."×tamp=".$timestamp;
echo $stringForSignature."<br>";
$signature = hash_hmac( 'sha1', $stringForSignature , $authSecret);
echo $signature;
hope this help
Problem solved
There was a problem in my request parameters.
$params = "application_id=$application_id&auth_key=$auth_key×tamp=$timestamp&nonce=$nonce&signature=$signature&**auth_secret=$authSecret**";
In this parameter I was passing an extra parameter, my auth secret key which should not be there. I removed this parameter and now its working.
Here is full example how to create QuickBlox session:
<?php
// Application credentials
DEFINE('APPLICATION_ID', 92);
DEFINE('AUTH_KEY', "wJHdOcQSxXQGWx5");
DEFINE('AUTH_SECRET', "BTFsj7Rtt27DAmT");
// User credentials
DEFINE('USER_LOGIN', "emma");
DEFINE('USER_PASSWORD', "emma");
// Quickblox endpoints
DEFINE('QB_API_ENDPOINT', "https://api.quickblox.com");
DEFINE('QB_PATH_SESSION', "session.json");
// Generate signature
$nonce = rand();
$timestamp = time(); // time() method must return current timestamp in UTC but seems like hi is return timestamp in current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."×tamp=".$timestamp."&user[login]=".USER_LOGIN."&user[password]=".USER_PASSWORD;
echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);
// Build post body
$post_body = http_build_query(array(
'application_id' => APPLICATION_ID,
'auth_key' => AUTH_KEY,
'timestamp' => $timestamp,
'nonce' => $nonce,
'signature' => $signature,
'user[login]' => USER_LOGIN,
'user[password]' => USER_PASSWORD
));
// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "×tamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature . "&user[login]=" . USER_LOGIN . "&user[password]=" . USER_PASSWORD;
echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response
// Execute request and read responce
$responce = curl_exec($curl);
// Check errors
if ($responce) {
echo $responce . "\n";
} else {
$error = curl_error($curl). '(' .curl_errno($curl). ')';
echo $error . "\n";
}
// Close connection
curl_close($curl);
?>
You have to use your own application parameters:
application_id
auth_key
and random 'nonce' and current timestamp (not from example, you can get current timestamp on this site http://www.unixtimestamp.com/index.php)
Your code is right, but you must set proper parameters
1) You should send request to correct url.
to
https://api.quickblox.com/auth.json
instead
https://api.quickblox.com/session.json
2) You should fix SSL problem using this.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)
We use php, and next code works well for us:
<?php
$userLogin = '{YOUR_QB_USER}';
$userPassword = '{YOUR_QB_PASSWORD}';
$body = [
'application_id' => '{YOUR_QB_APPLICATION_ID}',
'auth_key' => '{YOUR_QB_AUTH_KEY}',
'nonce' => time(),
'timestamp' => time(),
'user' => ['login' => $userLogin, 'password' => $userPassword]
];
$built_query = urldecode(http_build_query($body));
$signature = hash_hmac('sha1', $built_query , '{YOUR_QB_APP_SECRET}');
$body['signature'] = $signature;
$post_body = http_build_query($body);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://{YOUR_QB_HOST}/session.json');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$token = json_decode($response, true)['session']['token'];
printf('Your token is: %s %s', $token, PHP_EOL);
Related
I'm not an expert in API development or using signed messages in PHP.
I have however tried to get the GATE.IO v4 API working in my PHP implementation but keep getting "Signature mismatch". I have followed the API documentation for CREATE ORDER available at Gate.io's website here: https://www.gate.tv/docs/developers/apiv4/#create-an-order
I have managed to get the /spot/accounts working, so I know that the key and secret are correct.
Based on the code below I seem to missing something. Probably a tiny error but those are the hardest, right?
Does anyone have any idea what could be the cause of this issue? Would really appreciate your help after having spent 8+ hours trying to get this to work.
<?php
$accessToken = ''; // Access token for OAuth/Bearer authentication
$key = "XXXXXXXXXXXXXXXXXXXXXXX";
$secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$username = ''; // Username for HTTP basic authentication
$password = ''; // Password for HTTP basic authentication
$host = 'https://api.gateio.ws/api/v4'; // The host
$userAgent = 'OpenAPI-Generator/5.26.0/PHP'; // User agent of the HTTP request, set to "OpenAPI-Generator/{version}/PHP" by default
$sResourcePath = "/spot/orders";
$sMethod = "POST"; // POST or GET
$aPayload['currency_pair'] = "DOT_USDT";
$aPayload['price'] = "6.330033";
$aPayload['account'] = "spot";
$aPayload['side'] = "buy";
$aPayload['amount'] = "1";
$aPayload['time_in_force'] = "gtc";
$sBody = json_encode($aPayload);
$aQueryParams = $aPayload;
$aFullPath = parse_url($host . $sResourcePath);
$fullPath = $aFullPath['path'];
$timestamp = time();
$hashedPayload = hash("sha512", ($payload !== null) ? $payload : "");
$fmt = "%s\n%s\n%s\n%s\n%s";
$sQuery = http_build_query($aQueryParams, false);
$signatureString = sprintf($fmt, $sMethod, $fullPath, $sQuery, $hashedPayload, $timestamp);
$signature = hash_hmac("sha512", $signatureString, $secret);
$aSignHeaders = array(
"KEY" => $key,
"SIGN" => $signature,
"Timestamp" => $timestamp);
$aHeaders[] = "KEY: " . $aSignHeaders['KEY'];
$aHeaders[] = "SIGN: " . $aSignHeaders['SIGN'];
$aHeaders[] = "Timestamp: " . $aSignHeaders['Timestamp'];
$aExtraParams['sHttpHeaders'] = $aHeaders;
if ($sMethod == "POST")
{
$sParams = "?" . http_build_query($aQueryParams, false);
}
else
{
$sQuery = "";
}
$sSubmitUrl = $host . $sResourcePath . $sParams;
$sPage = CURL::doRequest($sMethod, $sSubmitUrl, $sParams, $aExtraParams);
$aPage = json_decode($sPage, true);
if ($aPage)
{
$iPage = count($aPage);
}
echo "<pre>";
print_r($aPage);
echo "</pre>";
?>
based on that example request, you should be doing something like this
//path & urls
$host = 'https://api.gateio.ws';
$prefix = '/api/v4';
$path = '/spot/orders';
$fullPath = "$prefix$path";
$method = 'POST';
//your API keys
$api = [
'secret' => 'xxxx'
];
// Your actual data you can easily modify
$payload = [
'currency_pair' => 'DOT_USDT',
'price' => '6.330033',
'account' => 'spot',
'side' => 'buy',
'amount' => '1',
'time_in_force' => 'gtc'
];
//Convert your data to JSON FORMAT
$jsonPayload = json_encode( $payload );
//Hash your JSON DATA
$hashJsonPayload = hash('sha512', $jsonPayload);
$timeStamp = time();
// dunno if this is required
$queryParam = '';
//Create your signature string
$signString="$method\n$fullPath\n$queryParam\n$hashJsonPayload\n$timeStamp";
//Generate the signature
$signHash = hash_hmac('sha512', $signString, $api['secret']);
// Your Actual headers
$headers = [
'Content-Type: application/json',
'Timestamp: '.$timeStamp,
'Key: '.$api['secret'],
'SIGN: '.$signHash
];
Example request using php curl
$ch = curl_init( "$host$fullPath" ); // URL to POST https://api.gateio.ws/api/v4/spot/orders
curl_setopt( $ch, CURLOPT_POSTFIELDS, $jsonPayload ); // set json payload as body here
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers ); //define header here
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$result = curl_exec($ch);
curl_close($ch)
echo '<pre>', print_r($result, 1), '</pre>';
am new in api trying to see if my Api works once I execute the code am geting Error code 32601 'Method not found' I have gone through the code and though am not sure I think the error is syntax related any guidance will be appreciated
<?php
$key = '';
$secret = '';
$path = 'https://api.cloudtrax.com/voucher/network_id=254281';
$data = array(
"code"=> "b3c34test",
"duration"=> 1,
"max_users"=> 1,
"up_limit"=> 10,
"down_limit"=> 20,
"comment"=> "Free access for guests",
"purge_days"=> 2);
$headers = array(
'nonce' => 'ThisIsANonce',
'authorization' => "key=" . $key . ",timestamp=" . time() . ",nonce=" . $nonce,
'authorization_header' => "Authorization: " . $authorization,
'signature' => hash_hmac('sha256', $authorization . $path . $data, $secret),
);
$ch = curl_init($path);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
if ($result == FALSE) {
if (curl_errno($ch) == 0)
echo "#### NOTE ####: nil HTTP return: This API call appears to be broken" . "\n";
else
throw new Exception(curl_error($ch), curl_errno($ch)); }
else
echo "RESULT: \n" . $result . "\n";
?>
I'm trying to generate a one-click login URL for WHM.
The code below was one based on a cPanel login (which I was going to change for WHM), but it didn't work at all. Access denied errors.
Here's what I tried:
$whmusername = 'root';
$whmpassword = 'password';
$hostname = 'server.example.com';
$cpanel_user = 'cpaneluser';
$query = "https://$hostname/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";
$curl = curl_init(); // Create Curl Object.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // Allow self-signed certificates...
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); // and certificates that don't match the hostname.
curl_setopt($curl, CURLOPT_HEADER, false); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Return contents of transfer on curl_exec.
$header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // Set the username and password.
curl_setopt($curl, CURLOPT_URL, $query); // Execute the query.
$result = curl_exec($curl);
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
}
$decoded_response = json_decode( $result, true );
$session_url = $decoded_response['data']['url'];
$cookie_jar = 'cookie.txt';
curl_setopt($curl, CURLOPT_HTTPHEADER, null); // Unset the authentication header.
curl_setopt($curl, CURLOPT_COOKIESESSION, true); // Initiate a new cookie session.
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie_jar); // Set the cookie jar.
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie_jar); // Set the cookie file.
curl_setopt($curl, CURLOPT_URL, $session_url); // Set the query url to the session login url.
$result = curl_exec($curl); // Execute the session login call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// Log an error if curl_exec fails.
}
$session_url = preg_replace( '{/login(?:/)??.*}', '', $session_url );
$query = "$session_url/execute/Ftp/list_ftp";
curl_setopt($curl, CURLOPT_URL, $query); // Change the query url to use the UAPI call.
$result = curl_exec($curl); // Execute the UAPI call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// log error if curl exec fails
}
curl_close($curl);
print $result;
I was able to do this by using this following code. This code was originally used in a WHM API example, but I reapplied it for this purpose.
$user = "root";
$token = "API Token";
$query = "https://server.example.com:2087/json-api/create_user_session?api.version=1&user=root&service=whostmgrd";
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
$header[0] = "Authorization: whm $user:$token";
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
curl_setopt($curl, CURLOPT_URL, $query);
$result = curl_exec($curl);
$http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($http_status != 200) {
echo "[!] Error: " . $http_status . " returned\n";
} else {
$json = json_decode($result, true);
$login_url = $json['data']['url'];
echo $login_url;
}
curl_close($curl);
Instead of using WHM user/password, use just the user and login with an API Token which can be created in WHM -> Manage API Tokens.
Then take the json data and output just the URL.
I read this section http://quickblox.com/developers/Social_Networks_Integration_Manual
But I don't know what to do.If somebody know please help me :)
I was tried with hybridauth I have connection with facebook (my API) hybridauth return to me user information.I create user in quickblox with random password and facebook email and simulate login but this is bad because quickblox in this way don't return to me token and if I want to edit profil I can't....
if( isset( $_GET["login"] ) ){
try{
$hybridauth = new Hybrid_Auth( $config );
$adapter = $hybridauth->authenticate( "facebook" );
$user_profile = $adapter->getUserProfile();
}
catch( Exception $e ){
die( "<b>got an error!</b> " . $e->getMessage() );
}
$token = $adapter->getAccessToken();
//$token['access_token'];
$nonce = rand();
$timestamp = time();
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."×tamp=".$timestamp;
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);
// Build post body
//$post_body = "application_id=" . APPLICATION_ID . "&auth_key=".AUTH_KEY."×tamp=".$timestamp."&nonce=".$nonce."&signature=".$signature."&user[email]=" . $user_profile->email . "&provider=facebook&scope=friends_status,read_mailbox,photo_upload&keys[token]=".$token['access_token'];
$post_body = http_build_query(array(
'application_id' => APPLICATION_ID,
'auth_key' => AUTH_KEY,
'timestamp' => $timestamp,
'nonce' => $nonce,
'signature' => $signature
));
$post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "×tamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature."&user[login]=&user[email]=&user[password]=&provider=facebook&scope=friends_status,read_mailbox,photo_upload&keys[token]=".$token['access_token']."&keys[secret]=";
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response
$response = curl_exec($curl);
dump($response);
if ($response) {
return $response . "\n";
} else {
$error = curl_error($curl). '(' .curl_errno($curl). ')';
return $error . "\n";
}
This don't work...this is shity they don't have examples :O
You should add 'provider=facebook' to your post_body and signature_string
After this - QuickBlox will return HTML page with Facebook login dialog, which you should render to your end users
I'm trying to call to Photo.upload on the the Facebook API server. As far as I can tell the code to construct the call is good but I can't understand the responce I'm getting back from the server. As far as I can see, this call is ment to work and other people don't get this problem. I can only reason that something is wrong with the code. The commented stuff is an artifact of me trying different things to get a different responce from the server. The original code that I've changed was in part taken from an example of how to do this which I couldn't get to work either really:
http://www.jaisenmathai.com/blog/2008/11/27/using-the-facebook-api-to-upload-photos/
Server Responce:
12 This API version is deprecated method photos.upload api_key b92cee19a33c861275bfce4695896e44 call_id 1250194789.61 garden_jpg /var/www/vivaladan/pictureyourselfhull/garden.jpg v 0 sig 896ee95339cad24ce7e64a05ca764123
Code:
$key = b92cee19a33c861275bfce4695896e44;
$ver = 1.0;
$cid = microtime(true);
$uid = BIGINT;
$file= "garden.jpg";
$args = array(
//amethod => photos.upload,
v => $ver,
api_key => $key,
//uid => $uid,
call_id => $cid,
//format => XML
);
$args[basename($file)] = realpath($file);
signRequest($args,$sec);
$postString = "";
foreach($args as $index => $value) {
$postString .= $index ."=".$value."&";
}
$postString = trim($postString, '&');
$ch = curl_init();
$url = "http://api.facebook.com/restserver.php?method=photos.upload";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postString);
$data = curl_exec($ch);
echo $data;
function signRequest(&$args, $secret){
ksort($args);
$sig = "";
foreach($args as $k => $v){
$sig .= $k . '=' . $v;
}
$sig .= $secret;
$args[sig] = md5($sig);
}
Rest API call is not working anymore.
Try GraphApi
I'm guessing it's because you're using $ver = 0.0; - there's no 0.0 version of the API.
try using api.new.facebook.com API URL instead