Authenticate and get session tokens from Quickblox in Python
I’m working through the REST API. Two questions
1) I want to push some existing data to a Quickblox custom object. How many REST calls do I need? (I’m not quite sure about the whole state of transactions involving computer security.) The first is to (a) get the session token. Then follow the steps to create a new recordhere ?
2) I’m
trying to get the session token, but I’m getting {“errors”:{"base":["Unexpected signature"]}}
as a response. This is my code to generate random numbers, sign, and get session token:
# Of course these are not really 0, x, and y's.
appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'
def getNonce():
import random
return random.random()
def createSignature(nonce):
import hashlib
import hmac
import binascii
import time
stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}×tamp={timestamp}'.format(id=appId,
auth_key=authKey, nonce=nonce, timestamp=time.time())
hmacObj = hmac.new(authKey, stringForSignature, hashlib.sha1)
return binascii.b2a_base64(hmacObj.digest())[:-1] # -1 to get rid of \n
def getSessionToken():
import time
epoch = "%s" % int(time.time())
nonce = getNonce()
params = {'application_id': appId,
'auth_key': authKey,
'timestamp': epoch,
'nonce': nonce,
'signature': createSignature(nonce)}
jsonData = json.dumps(params)
httpHeaders = {'Content-Type': 'application/json',
'QuickBlox-REST-API-Version': '0.1.0'}
r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers = httpHeaders)
print 'status code:', r.status_code
responseJson = r.text
print responseJson
response = json.loads(responseJson)
getSessionToken()
I guess the way the signature was generated is causing the problem?
Solution
Here is the answer to my question. It turns out that timestamp should be just integers, hamc should use key, https://api.quickblox.com/auth.json should be used instead session 。 And I didn’t use the correct encoding for my signature.