Alteryx Designer Desktop Discussions

jamie · ‎11-02-2017

Hi there,

We have a client using Alteryx that is trying to connect to the Attendease V2 API. The non-authenticated calls are working, but something with awry with how she is passing the authentication values. The API uses HMAC-SHA1 request signing for authentication.

Attendease API details are here:

https://developer.attendease.com/#authentication42

And these are general guidelines for the signing method works (same standard that many AWS APIs use):

https://github.com/mgomes/api_auth#how-it-works

Has anyone done something similar before with Alteryx? Any detailed guidance would be most helpful that I can pass along.

Thanks!

Jamie

StephenR · ‎11-03-2017

I've used the HMAC macro in the gallery to encrypt username and password before passing them into as headers for a query. It works alright for me.

Regards,
Stephen Ruhl
Principal Customer Support Engineer

awelz · ‎11-03-2017

Sruhl,

I am using the HMAC macro to encrypt before passing them into the header for the query. I am still getting an invalid signature error. DO you have a sample workflow you can share?

Much appreciated...

blyons · ‎11-03-2017

I am working with @awelz to troubleshoot this.

I am attaching the workflow that we believe should work, but doesn't. Since this account is purely for testing, and has no real data in it, I am including all the keys.

Here is the raw output being sent by Alteryx, as captured by Fiddler:

GET https://kimberly-s-events-4b8b9cc7.attendease.org/api/v2/attendees.json HTTP/1.1
Host: kimberly-s-events-4b8b9cc7.attendease.org
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Date: Fri, 03 Nov 2017 21:37:40 GMT
Authorization: APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW%2FQfcDiAQ%3D

Here is the raw results, as captured by Fiddler:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, private
Content-Type: application/json; charset=utf-8
Date: Fri, 03 Nov 2017 21:37:43 GMT
Server: nginx
Status: 401 Unauthorized
Vary: Origin
X-Powered-By: Phusion Passenger
X-Rack-Cache: miss
X-Request-Id: eb934f6a424e652ea783ce15e0fc2445
X-Runtime: 0.014996
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30
Connection: keep-alive

{"error":"Invalid signature."}

Any help would be appreciated.

jamie · ‎11-05-2017

Hi @blyons/@awelz,

Firstly, it looks like the Authorization header is being URL-encoded, which it shouldn't be. For that request in your example, it should have been:

APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW/QfcDiAQ=

Also, the canonical string you should be signing for that request example should be:

application/json,,/api/v2/attendees.json,Fri, 03 Nov 2017 21:37:40 GMT

Hope that helps!

StephenR · ‎11-06-2017

@jamie has the answer. All I did was uncheck the Percent encode value option in the HMAC Encrypt macro and it worked.

Regards,
Stephen Ruhl
Principal Customer Support Engineer

blyons · ‎11-06-2017

Bingo! Thank you so much!

blyons · ‎11-06-2017

Thank you!

attardc1 · ‎03-26-2018

Hey Sruhl,

I'm having trouble with using the macro. What URL needs to be the input for the macro to work? I keep getting an error while trying to match the URL of the API I'm using

StephenR · ‎03-27-2018

@attardc1Could you provide some more context to your question? What macro are you asking about? What URL are you trying to reach? Can you share your workflow?

Regards,
Stephen Ruhl
Principal Customer Support Engineer

Alteryx Designer Desktop Discussions

Need help connecting to Attendease API (using HMAC-SHA1 request signing)