If you have any questions left, please drop a note using the discussion link of this page.

ExternalWebservices:ZanoxRESTAuth

From Wiki.zanox.com


Zanox Rest Authentication

The Zanox REST authentication implementation sends the application_id, the secured mhash key and the timestamp inside the HTTP header. Transmission of the REST hash signature is based on the [RFC2616] specification for HTTP Digest Access Authentication. The construction of the signature itself is taken from the [RFC2104] specification.

REST Hash Signature Building

The character encoding of the REST services is UTF-8. Pay close attention to this, and to the Base64 encoding that is applied on top of it.

   * Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( StringToSign ) ) );


The StringToSign consists of a couple of elements that are concatenated.

   * HTTP-Verb
   * URI
   * Timestamp


The concatenated string looks like this: "GET/publisher/program/1/2006-01-01T12:00:00.000Z". The timestamp is valid for 15 minutes! If the message arrives more than 15 minutes after its creation, the request will be rejected.
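The signing steps above and the matching server-side check, as an added example that is not Zanox's own code. It assumes the secret key is the HMAC key, that the URI carries the trailing slash seen in the example string, that the header layout is the `ZXWS application_id:signature` form of the sample request, and that stale requests get a 403; `verify` and the key value are hypothetical.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=15)        # validity window stated on this page
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"    # assumed from the page's sample timestamp


def string_to_sign(verb, uri, timestamp):
    """Concatenate HTTP verb, URI and timestamp with no separator."""
    return f"{verb}{uri}{timestamp}"


def sign(secret_key, verb, uri, timestamp):
    """Base64(HMAC-SHA1(UTF-8(StringToSign))), keyed with the secret (assumption)."""
    mac = hmac.new(secret_key.encode("utf-8"),
                   string_to_sign(verb, uri, timestamp).encode("utf-8"),
                   hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def authorization_header(application_id, secret_key, verb, uri, timestamp):
    """Build the Authorization header value in the sample request's layout."""
    return f"ZXWS {application_id}:{sign(secret_key, verb, uri, timestamp)}"


def verify(header, secret_key, verb, uri, timestamp, now):
    """Hypothetical server-side check; returns the status to send: 200, 401 or 403."""
    scheme, _, credentials = header.partition(" ")
    application_id, _, presented = credentials.partition(":")
    if scheme != "ZXWS" or not application_id:
        return 401                     # no application_id provided
    try:
        sent = datetime.strptime(timestamp, TS_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return 403
    # Older than 15 minutes is rejected per the page; rejecting timestamps
    # more than 15 minutes in the future is an added assumption.
    if abs(now - sent) > MAX_AGE:
        return 403
    expected = sign(secret_key, verb, uri, timestamp)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return 403                     # wrong signature
    return 200


if __name__ == "__main__":
    ts = "2006-01-01T12:00:00.000Z"    # constructed sample values below
    print(authorization_header("15B4D3461F177624206A", "constructed-secret-key",
                               "GET", "/publisher/program/1/", ts))
```

Because the timestamp is part of the signed string, a captured header cannot be reused with a fresher timestamp, but it can be replayed unchanged inside the 15-minute window.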


REST Example

Zanox Publisher Sample Request including HTTP Header

GET /publisher/program/1 HTTP/1.1
Host: webservices.zanox.com
Content-Length: 111
Date: Wed, 01 Mar  2006 12:00:00 GMT
Authorization: ZXWS 15B4D3461F177624206A:xQE0diMbLRepdf3YB+FIEXAMPLE=


Zanox Publisher Sample Response including HTTP Header

HTTP/1.1 200 OK
Date: Wed, 01 Mar  2006 12:00:00 GMT
Content-Length: 0
Connection: close
Server: webservices.zanox.com

Authentication Error Handling

If no application_id is provided, the request gets a 401 Authorization Required returned, including the XML body shown below.

<?xml version="1.0" encoding="utf-8" ?>
<Error>
     <C0de>401</C0de>
     <Message>Authorization Required</Message>
</Error>


If the requesting application provides a wrong signature, it gets a 403 returned, including the XML body shown below.

<?xml version="1.0" encoding="utf-8" ?>
<Error>
     <C0de>403</C0de>
     <Message>Wrong Signature</Message>
</Error>


Refer to this list that provides all error codes returned from the Zanox Web Services.

REST Client Implementations

See these working client implementation examples:

   * PHP
   * Perl
   * Ruby
   * Java
   * C#


HTTP Status Header Codes

Note that a 204 status code may be returned in the HTTP header. This means that the request finished successfully and no content is returned. See RFC2616 for a list of HTTP status header codes.


