Dev Space

Customize & extend the power of Alteryx. SDKs, APIs, custom tools, and more!

General Discussions has some can't miss conversations going on right now! From conversations about automation to sharing your favorite Alteryx memes, there's something for everyone. Make it part of your community routine!

Connecting to Alteryx ADMIN API behind OAUTH Invalid Signature

5 - Atom
import time
import collections
import random
import math
import requests
import string
import json
import urllib
import hmac
import binascii
import hashlib
from requests.utils import quote
import base64

class Gallery(object):
def __init__(self, apiLocation, apiKey, apiSecret):
self.apiLocation = apiLocation
self.apiKey = apiKey
self.apiSecret = apiSecret

def buildOauthParams(self, page, pageSize):
return {"page": page,
"pageSize": pageSize,
'oauth_timestamp': str(int(math.floor(time.time()))),
'oauth_signature_method': 'HMAC-SHA1',
'oauth_consumer_key': self.apiKey,
'oauth_version': '1.0',
'oauth_nonce': self.generate_nonce(5)}

'''Returns the questions for the given Alteryx Analytics App'''
def getUsers(self, page, pageSize):
method = 'GET'
url = self.apiLocation + '/users/'
params = self.buildOauthParams(page, pageSize)
headers = {}
signature = self.generateSignature(method, url, params)
#signature = base64.b64encode(signature)
params.update({'oauth_signature': signature.decode("utf-8")})
normalized_params = urllib.parse.urlencode(params)
url = url + "?" + normalized_params
output = requests.get(url,headers=headers, verify=False)
return output, output.content

def generate_nonce(self, length=5):
:return: Generate pseudorandom number
nonce = "000001"
return nonce

def generateSignature(self, http_method, url, params):
:return: returns HMAC-SHA1 signature
quote = lambda x: requests.utils.quote(x, safe="~")
normalized_params = urllib.parse.urlencode(params)
base_string = "&".join((http_method.upper(), quote(url), quote(normalized_params)))
base_bytes = base_string.encode("ascii")
api_secret = self.apiSecret + "&"
api_secret = api_secret.encode("ascii")
sig =, base_bytes, hashlib.sha1)
sig = sig.hexdigest()
signature = base64.urlsafe_b64encode(bytes.fromhex(sig))
return signature

client_key = 'removed_security'
client_secret = 'removed_security'
gallery_url = 'https://ourendpoint:443/gallery/api/admin/v1'

con = Gallery(gallery_url, client_key, client_secret)
users,usersContent = con.getUsers("1", "100")



I'm trying to list users from the admin api. Our setup is the oauth setup with oauth1. I had our Alteryx SME setup an alteryx flow that does an authentication against the api and I am mimicing what his R implementation does but in python. The issue is I'm getting invalid HMAC signature. 


I was also able to find a python example online parsing through someone else's project and put it together. 


b'{"data":null,"exceptionName":"UnauthorizedException","innerExceptionMessage":"","message":"The provided signature(oauth_signature) is invalid."}'


I am using the admin keys from the setting page with api access enabled. That changed the message from invalid client secret and key to invalid signature. I've tried sending the signature as requests params and now as a combined url nothing seems to fix it.


Appreciate any help you can give here.