Need help connecting to Attendease API (using HMAC-SHA1 request signing)

Hi there,

We have a client using Alteryx that is trying to connect to the Attendease V2 API. The non-authenticated calls are working, but something with awry with how she is passing the authentication values. The API uses HMAC-SHA1 request signing for authentication.

Attendease API details are here:

https://developer.attendease.com/#authentication42

And these are general guidelines for the signing method works (same standard that many AWS APIs use):

https://github.com/mgomes/api_auth#how-it-works

Has anyone done something similar before with Alteryx? Any detailed guidance would be most helpful that I can pass along.

Thanks!

Jamie

Settings

Connectors

API

Accepted answers

jamie

Hi @blyons/@awelz,

Firstly, it looks like the Authorization header is being URL-encoded, which it shouldn't be. For that request in your example, it should have been:

APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW/QfcDiAQ=

Also, the canonical string you should be signing for that request example should be:

application/json,,/api/v2/attendees.json,Fri, 03 Nov 2017 21:37:40 GMT

Hope that helps!

All comments

StephenRuhl

I've used the HMAC macro in the gallery to encrypt username and password before passing them into as headers for a query. It works alright for me.

awelz

Sruhl,

I am using the HMAC macro to encrypt before passing them into the header for the query. I am still getting an invalid signature error. DO you have a sample workflow you can share?

Much appreciated...

blyons

I am working with @awelz to troubleshoot this.

I am attaching the workflow that we believe should work, but doesn't. Since this account is purely for testing, and has no real data in it, I am including all the keys.

Here is the raw output being sent by Alteryx, as captured by Fiddler:

GET https://kimberly-s-events-4b8b9cc7.attendease.org/api/v2/attendees.json HTTP/1.1
Host: kimberly-s-events-4b8b9cc7.attendease.org
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Date: Fri, 03 Nov 2017 21:37:40 GMT
Authorization: APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW%2FQfcDiAQ%3D

Here is the raw results, as captured by Fiddler:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, private
Content-Type: application/json; charset=utf-8
Date: Fri, 03 Nov 2017 21:37:43 GMT
Server: nginx
Status: 401 Unauthorized
Vary: Origin
X-Powered-By: Phusion Passenger
X-Rack-Cache: miss
X-Request-Id: eb934f6a424e652ea783ce15e0fc2445
X-Runtime: 0.014996
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30
Connection: keep-alive

{"error":"Invalid signature."}

Any help would be appreciated.

Attendease API bl.yxmd

jamie

Hi @blyons/@awelz,

Firstly, it looks like the Authorization header is being URL-encoded, which it shouldn't be. For that request in your example, it should have been:

APIAuth 6ff45139-3c21-4600-b9d2-3170ae55fcf9:gPE7Oy6OkWchbpudzlW/QfcDiAQ=

Also, the canonical string you should be signing for that request example should be:

application/json,,/api/v2/attendees.json,Fri, 03 Nov 2017 21:37:40 GMT

Hope that helps!

attardc1

Hey Sruhl,

I'm having trouble with using the macro. What URL needs to be the input for the macro to work? I keep getting an error while trying to match the URL of the API I'm using

Quick Links

This months top contributors

mceleavey 383

mbarone 337

Hollingsworth 335

LanisC 335

JeffF 335