Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.
SOLVED

Need help connecting to Attendease API (using HMAC-SHA1 request signing)

jamie
5 - Atom

Hi there,

 

We have a client using Alteryx that is trying to connect to the Attendease V2 API. The non-authenticated calls are working, but something with awry with how she is passing the authentication values. The API uses HMAC-SHA1 request signing for authentication.

 

Attendease API details are here:

https://developer.attendease.com/#authentication42

 

And these are general guidelines for the signing method works (same standard that many AWS APIs use):

https://github.com/mgomes/api_auth#how-it-works

 

Has anyone done something similar before with Alteryx? Any detailed guidance would be most helpful that I can pass along.

Thanks!

Jamie

10 REPLIES 10
StephenR
Alteryx
Alteryx

I've used the HMAC macro in the gallery to encrypt username and password before passing them into as headers for a query.  It works alright for me.

Regards,
Stephen Ruhl
Principal Customer Support Engineer

awelz
5 - Atom

Sruhl,

 

I am using the HMAC macro to encrypt before passing them into the header for the query.  I am still getting an invalid signature error.    DO you have a sample workflow you can share? 

 

Much appreciated...

blyons
11 - Bolide

I am working with @awelz to troubleshoot this.

 

I am attaching the workflow that we believe should work, but doesn't. Since this account is purely for testing, and has no real data in it, I am including all the keys.

 

Here is the raw output being sent by Alteryx, as captured by Fiddler:

GET https://kimberly-s-events-4b8b9cc7.attendease.org/api/v2/attendees.json HTTP/1.1
Host: kimberly-s-events-4b8b9cc7.attendease.org
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Date: Fri, 03 Nov 2017 21:37:40 GMT
Authorization: APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW%2FQfcDiAQ%3D

 

Here is the raw results, as captured by Fiddler:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, private
Content-Type: application/json; charset=utf-8
Date: Fri, 03 Nov 2017 21:37:43 GMT
Server: nginx
Status: 401 Unauthorized
Vary: Origin
X-Powered-By: Phusion Passenger
X-Rack-Cache: miss
X-Request-Id: eb934f6a424e652ea783ce15e0fc2445
X-Runtime: 0.014996
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30
Connection: keep-alive

{"error":"Invalid signature."}

 

Any help would be appreciated.

 

jamie
5 - Atom

Hi @blyons/@awelz,

 

Firstly, it looks like the Authorization header is being URL-encoded, which it shouldn't be. For that request in your example, it should have been:

APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW/QfcDiAQ=

 

Also, the canonical string you should be signing for that request example should be:

application/json,,/api/v2/attendees.json,Fri, 03 Nov 2017 21:37:40 GMT

 

Hope that helps!

 

StephenR
Alteryx
Alteryx

@jamie has the answer.  All I did was uncheck the Percent encode value option in the HMAC Encrypt macro and it worked.

 

answer.JPG

Regards,
Stephen Ruhl
Principal Customer Support Engineer

blyons
11 - Bolide

Bingo! Thank you so much!

blyons
11 - Bolide

Thank you!

attardc1
7 - Meteor

Hey Sruhl,

 

I'm having trouble with using the macro. What URL needs to be the input for the macro to work? I keep getting an error while trying to match the URL of the API I'm using

StephenR
Alteryx
Alteryx

@attardc1Could you provide some more context to your question?  What macro are you asking about?  What URL are you trying to reach? Can you share your workflow?

Regards,
Stephen Ruhl
Principal Customer Support Engineer

Labels