Getting the rsig to post a Petition signature with php

[Laura Melo]

Hi, I 've been trying to build a form in order to allow user posting signatures to certain petition from my site. I try to pass the data to the api, but I'm stuck on getting the "rsig" for this.

I followed this instructions but it gives me this response:

"Redirecting you to https://api.change.org/es-AR"

This is how i construct the request:


$REQUEST_URL = 'https://api.change.org';
$parameters = array(
'api_key' => $API_KEY,
'timestamp' => date('c'),
'endpoint' => '/v1/petitions/'.$PETITION_ID,
'source' => 'www.fanfreedom.org',
'email' => 'laura...@xxxxx.net',
'first_name' => 'Laura',
'last_name' => 'Melo',
'address' => 'El Araucano y Fdo. Rivas',
'city' => 'Centenario',
'state_province' => 'Neuquen',
'postal_code' => '8309',
'country_code' => 'AR',
'phone' => '54 299 4545454',
'reason' => 'test reason',
);
$query_string = http_build_query($parameters);
$url = "$REQUEST_URL?$query_string";
$url .= $SECRET_TOKEN . $AUTH_KEY;

I hope you can help me, thanks.

[Eric Lukoff]

Hi Laura,

It looks like you're close. The rsig is generated from getting a SHA-2 digest from the following things appended to each other:

[POST body or GET query string][secret token][authorization key]

So in the case of a POST petitions/:petition_id/signatures request, it should be something like:

$rsig = hash('sha256', http_build_query($parameters) . $SECRET_TOKEN . $AUTH_KEY);

You should never be sending the secret token and petition auth key over plain text. The request $url should be to 'https://api.change.org/v1/petitions/' . $PETITION_ID . '/signatures', not just to api.change.org, as you have now. And the parameters should be sent with a POST request, and not in the query string. (More detail here.)

Let me know if that helps to resolve your issue. If not, I'm happy to take a look at a full code example if you paste it here (with identifying info removed, of course).

Eric

[Laura Melo]

Eric, Thank you so much!!! It works like charm...

This is my code, for reference:

    $REQUEST_URL = 'https://api.change.org/v1/petitions/' . $PETITION_ID . '/signatures';

    

    $parameters = array(

      'auth_key'       => $AUTH_KEY,

      'api_key'        => $API_KEY,

      'timestamp'      => date('c'),

      'endpoint'       => '/v1/petitions/'.$PETITION_ID.'/signatures',

      'source'         => 'www.fanfreedom.org',

      'email'          => 'laura...@xxxxx.net',

      'first_name'     => 'Laura',

      'last_name'      => 'Melo',

      'address'        => 'El Araucano y Fdo. Rivas',

      'city'           => 'Centenario',

      'state_province' => 'Neuquen',

      'postal_code'    => '8309',

      'country_code'   => 'AR',

      'phone'          => '54 299 4545454',

      'reason'         => 'test reason',

    );

    $query_string = http_build_query($parameters);

    $rsig = hash('sha256', $query_string . $SECRET_TOKEN . $AUTH_KEY);

    $url = "$REQUEST_URL?$query_string"."&rsig=".$rsig;

    $ch = curl_init($url);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);

    curl_setopt($ch, CURLOPT_TIMEOUT, 2);

    curl_setopt($ch, CURLOPT_POST, true); 

    $response = curl_exec($ch);

    curl_close($ch);

    

    

[Eric Lukoff]

Happy to help! Let us know if you have any other questions.

[Edmund Garibay]

i do that, them i try to make a Request a Signature and the response is something like 

{"result":"failure","messages":["authorization key cannot be found or is not granted"]}bool(true)

can you help me please?

[Rob Weatherall]

I realize this is a year old, but it seems support here is ZERO

For the next person, I had this issue.
I needed to make sure all the "source" references were the page that I got the Auth for
Your website where petition page is located.

[Peppe Cp]

hello
 

how to find my_petition_auth_key
Thanks