API Connections to Whale Wisdom - Encrypting using HMAC-SHA1 and the HMAC Macro

Question

Hi Community,

I am trying to connect to the API of the financial / 13f service, Whale Wisdom, of which I have a paid subscription. The link below explains their API requirements:

* https://whalewisdom.com/shell/api_help#holdings

The API Call must be formatted as seen below:

* https://whalewisdom.com/shell/command?args=[args]&api_shared_key=[api_shared_key]&api_sig=[api_sig]&timestamp=[timestamp]

I am using the HMAC Macro (https://gallery.alteryx.com/#!app/HMAC-Encrypt--Installer-/576326f1aa690a05284b2e7b) to generate the [api_sig] portion of the call as defined below (I cannot post a workflow with our shared & secret keys):

* [api_sig] is a signature of the args parameter created using your secret access key. The api_sig is constructed using the HMAC-SHA1 algorithm. You take the HMAC-SHA1 digest of the [args] parameter and then encode the results in base64. The process is similar to how OAuth signs requests except with our API we are using the args and timestamp query parameters (before they are URL encoded). When creating the signature, combine the args and timestamp with an ASCII newline ("
") character.  
* For Ruby the process would look like this:* require 'digest/sha1'
t=Time.now
digest = OpenSSL::Digest::Digest.new( 'sha1' )
hmac = OpenSSL::HMAC.digest( digest, secret_access_key, args+"
"+t.utc.strftime('%Y-%m-%dT%H:%M:%SZ') )
sig=Base64.encode64( hmac ).chomp.gsub(/
/, '')

I've confirmed with the service that the input into the HMAC should be as below:

* {"command":"holdings","filer_ids":[349,2182]}
2018-3-29T11:04:17Z

But when I concatenate the generated [api_sig] back into the URL to create the GET Request, I am getting a "signature mismatch" error from the download tool.

* base url:* https://whalewisdom.com/shell/command.json?args=%7B%22command%22%3A%22holdings%22%2C%22filer_ids%22%3A%5B349%2C2182%5D%7D&api_shared_key=[api_shared_key]&api_sig=[api_sig]&timestamp=[timestamp]

Please let me know if you have experience with this situation! Thanks in advance for your time!

Regards,

Chris

patrick_digan · Accepted Answer

@attardc1 See if the attached works when you put your key and secret in the text input. I got past the signature invalid error on my end.

@attardc1wrote:I've confirmed with the service that the input into the HMAC should be as below:

* {"command":"holdings","filer_ids":[349,2182]}
2018-3-29T11:04:17Z

I think you need to 1) delete the \ that precede your " and replace the 
 with a true newline character. In alteryx that looks like this (where args is coming from a text input and the timestamp is calculated:

I am now receiving an error, but I assume it's due to me setting up a free account and not limiting the data. I assume it will work fine for you if you use your key and secret in the workflow.

Hope that helps!