Authorize PKI Transaction Signing
Authorize Transaction Signing function that verify user’s username with PKI certificate together with transactions.
Below is the URL to access the API functions:
POST /v2/CentagateWS/webresources/auth/authPkiPkcs7Parameters
| Parameters | Occurence | Descriptions |
|---|---|---|
| username | Required | Registered Username in CENTAGATE Cloud |
| signature | Required | The PKCS#7 attached signature encoded in Base64 |
| algorithm | Required | The algorithm used during the signing. Valid values are: - 0: SHA-1 - 1: SHA-256 - 2: SHA-384 - 3: SHA-512 |
| plainText | Required | The plain text of the signed string encoded in Base64 |
| authToken | Optional | The previous generated authToken. |
| integrationKey | Required | Integration Key Of The App That The User Wants To Authenticate |
| unixTimestamp | Required | Current Time In Unixtimestamp |
| supportFido | Optional | FIDO Authentication Option, Pass True To Enable And False To Disable. Or Leave It Empty |
| ipAddress | Optional | IP Address From Where The Authentication Request Is Originated. |
| userAgent | Optional | Platform Information Of Authentication Request is made of. |
| browserFp | Optional | Browser Fingerprint |
| transactionValue | Required | The transaction values. |
| isTransaction | Required | This value should be “1”. |
| HMAC | Required | Hmac Generated From Combination (username + signature + algorithm + plainText + authToken + userAgent + integrationKey + supportFido + browserFp + unixTimeStamp + ipAddress) Using Secretkey (Can Be Obtained From The App Page) As The Key |
Sample Code
As in below there are some examples of source code of access the API functions:
Java
public static void main(String[] args) {
ClientConfig config = new DefaultClientConfig ();
Client client = Client.create ( config );
WebResource service = client.resource ("https://<domain_name>/v2/CentagateWS/webresources");
Gson gson = new Gson();
String hmac = convertHmacSha256("secretkey","username" + "signature" + "algorithm" + "plainText" + "authToken" + "integrationKey" + "unixTimestamp" + "supportFido" + "ipAddress" + "userAgent" + "browserFp");
HashMap<String, String> map = new HashMap<String, String>();
map.put("username", "username");
map.put("signature", "signature");
map.put("algorithm", "algorithm");
map.put("plainText", "plainText");
map.put("authToken", "authToken");
map.put("integrationKey", "integrationKey");
map.put("unixTimestamp", "unixTimeStamp");
map.put("ipAddress", "ipAddress");
map.put("userAgent", "userAgent");
map.put("browserFp", "browserFp");
map.put("supportFido", "supportFido");
map.put("transactionValue", "transactionValue");
map.put("isTransaction", "1");
map.put("hmac", hmac);
ClientResponse response = service.path ("auth").path("authPkiPkcs7").accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, gson.toJson(map));
String retJson = response.getEntity(String.class);
HashMap<String, Object> returnData = (HashMap<String, Object>) gson.fromJson(retJson, HashMap.class);
String code = returnData.get("code").toString();
String message = returnData.get("message").toString();
String object = returnData.get("object").toString();
}
public static String convertHmacSha256(String secretKey, String params) throws NoSuchAlgorithmException,
InvalidKeyException,IllegalStateException, SignatureException, NoSuchProviderException, Exception
{
try
{
final SecretKeySpec secret_key = new SecretKeySpec ( StringUtils.getBytesUtf8 ( secretKey ) , "HmacSHA256" );
final Mac mac = Mac.getInstance ( "HmacSHA256" );
mac.init ( secret_key );
final byte[] bytes = mac.doFinal ( StringUtils.getBytesUtf8 ( params ) );
return Hex.encodeHexString ( bytes );
}
catch ( NoSuchAlgorithmException e )
{
throw new NoSuchAlgorithmException ( e );
}
catch ( InvalidKeyException e )
{
throw new InvalidKeyException ( e );
}
catch ( IllegalStateException e )
{
throw new IllegalStateException ( e );
}
catch ( Exception e )
{
throw new Exception ( e );
}
}Node Js
const https = require('https')
var crypto = require('crypto');
var username = '<username>';
var signature = '<signature>';
var algorithm = '<algorithm>';
var plainText = '<plainText>';
var integrationKey = '<integrationKey>';
var transactionValue = '<transactionValue>';
var isTransaction = '1';
var time = Math.round((new Date()).getTime() / 1000);
var unixTimestamp = time.toString();
var authToken = "<authToken>";
var supportFido = "<supportFido>";
var ipAddress = "<ipAddress>";
var userAgent = "<userAgent>";
var browserFp = "<browserFp>";
var secretKey = '<secret key>';
var hmacText = username + signature + algorithm + plainText + authToken + integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp;
var hash, hmac;
/* generate hmac value*/
hmac = crypto.createHmac(sha256, secretKey);
hmac.write(hmacText);
hmac.end();
hash = hmac.read().toString('hex');
const data = JSON.stringify({
username: username,
signature: signature,
algorithm: algorithm,
plainText: plainText,
authToken: authToken,
integrationKey: integrationKey,
unixTimestamp: unixTimestamp,
ipAddress: ipAddress,
supportFido: supportFido,
userAgent: userAgent,
browserFp: browserFp,
transactionValue: transactionValue,
isTransaction: isTransaction,
hmac: hash
})
const options = {
hostname: "<domain_name>",
port: 443,
path:'/v2/CentagateWS/webresources/auth/authPkiPkcs7',
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
}
}
const req = https.request(options, res =>{
console.log(`HTTP Status Code: ${res.statusCode}`)
var body = '';
res.on('data', function(d){
body += d;
var parsed = JSON.parse(body);
if (parsed.code == 0){
console.log('Authentication Succeed');
console.log('Response:');
console.log(body);
}
else {
console.log('Authentication Fail, ' +'Message:' + parsed.message);
console.log('Code:' + parsed.code);
}
})
})
req.on('ERROR', error => {
console.error(error)
})
req.write(data)
req.end()PHP
<?php
$url = 'https://<domain_name>/v2/CentagateWS/webresources/auth/authPkiPkcs7';
$ch = curl_init($url);
$secretKey = "<secretkey>";
$username ="<username>";
$signature = "<signature>";
$algorithm = "<algorithm>";
$plainText = "<plainText>";
$integrationKey = "<integrationkey>";
$time = time(); // get current timestamp
$unixTimestamp = strval($time); //convert timestamp to String
$authToken = "<authToken>";
$supportFido = "<supportFido>";
$ipAddress = "<ipAddress>";
$userAgent = "<userAgent>";
$browserFp = "<browserFp>";
$transactionValue = "<transactionValue>";
$isTransaction = "1";
$hmac_text = $username.$signature.$algorithm.$plainText.$authToken.$integrationKey.$unixTimestamp.$supportFido.$ipAddress.$userAgent.$browserFp;
$hmac = hash_hmac('sha256', $hmac_text, $secretKey); // calculate hmac value
$jsonData = array (
'username'=> $username,
'signature'=> $signature,
'algorithm'=> $algorithm,
'plainText'=> $plainText,
'authToken'=> $authToken,
'integrationKey'=> $integrationKey,
'unixTimestamp'=> $unixTimestamp,
'supportFido'=> $supportFido,
'ipAddress'=> $ipAddress,
'userAgent'=> $userAgent,
'browserFp'=> $browserFp,
'transactionValue'=> $transactionValue,
'isTransaction'=> $isTransaction,
'hmac' => $hmac
);
$jsonDataEncoded = json_encode($jsonData);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$obj = json_decode($result);
if ($obj->{'code'} != 0){
print "Authentication fail";
print "Message: ".$obj->{'message'};
echo " <br>";
print "Code: ".$obj->{'code'};
}
else {
print "Authentication succeed";
echo " <br>";
print "Message: ".$obj->{'message'};
echo " <br>";
print "Code: ".$obj->{'code'};
echo " <br>";
print "Result:" ;
echo " <br>";
print $result;
}
curl_close($ch);
?>