Community Help

s_moles · ‎12-14-2015

Hi there,

Following the terrific advice provided by James Jones and using some tools available on the Web, I built a signature file, generated an HMAC-SHA-256 digest and had it base64 encoded. I then tried testing the access using Postman. Here's a screenshot of the Postman form:

I tested the HMAC digest generation and base64 encoding using James's example for testing and got exactly the same signature as he did. So I think the steps I used to generate the signature with our school's own, actual values should have worked. I pasted the API key after 'HMACAuth' in the Authorization header, followed by a colon, followed by the base64 encoded digest. I ensured that the Date was within 15 minutes of server time (well, I just used my current time, 9:48 ET, which I'm fairly sure is 15:48:00 GMT).

But, as you can see, what I got back was an Unauthorized message, and I can't figure out why. I've checked and rechecked the values I entered, but I think I must still be missing something.

Does anyone else have any ideas?

Thanks in advance,,

Brook

s_moles · ‎12-14-2015

Sorry, I should have said 10:48 ET, not 9:48. GMT is currently (not DST) 5 hours ahead of us.

James · ‎12-24-2015

@s_moles ,

I've been on vacation. Is this still an issue?

I've used Postman once, I primarily use Advanced REST Client, so I may be of limited use.

When there are problems, leave off the optional parameters like after=45 and limit=100 when you're testing. At least leave off the after part, I just made up the 45 for testing purposes, you may not have anything after 45.

For Authorization, make sure you have it set to None. Then manually add the header.

Your screen doesn't look like mine when I try this with Postman, so I'm not sure exactly where things are entered.

I see the ability to add 3 types of parameters: Path variable keys, URL Parameter keys, and Headers. Leave the first one empty. The URL parameters is where the after and limit would go. The header section contains the Authentication and the Date.

What looks weird is that the GET statement should have the https://portal.inshosteddata.com/api/account/self/dump on it, but (this is where I get confused), yours looks like you might have just put dump there and added the path to the PATH variable key.

Then again, it could just be a difference in versions, so this may not be helpful at all.

Like I said, I'm not an expert on Postman and as you said in another post, you got my CanvasDataAPI.pm working, so I'm not even sure this is still a question.

s_moles · ‎01-04-2016

I should have posted a follow up to this sooner. I never got the authentication to work with Postman, but got it to work with the same parameters using James's Perl module. So, I think it's just my ignorance of how to use Postman, particularly with HMAC.

What am I doing wrong with authetication?

Re: How are you handling LTI analytics data?

Why does listing tables from canvas_logs namespace...

dap client throwing QueryException on sync table

Ability to see marks from multiple courses built u...

dapclienterror malformed http response and process...

Re: How are you handling LTI analytics data?

Submission Versions in Data Access Platform

Starting to utilize Redshift

Admin permissions to view conversations in Inbox

CD2 Key - now can go for three years

You're signed out

What am I doing wrong with authetication?

Community Help

View our top guides and resources: