unauthorized GET request https://test-cloud.vitadock.com/data/tracker/activity/count?date_since=0

Geert Van de Peer

Aug 16, 2016, 3:33:06 AM
to VitaDock Online API
Hi,

The following code tries to call the count method on the activity tracker in the test-cloud environment.
Access and secrets here are of course based on the test system and not highly secret in my case.

I only get unauthorized responses when trying this code.
My problem is that I don't have any idea where my problem resides. I tried to follow as much as possible regarding the website info:
1. encoding with uppercase strings like %3D
2. ordering of params
3. split method, url, basestring with & and internal encoded strings
4. a timestamp of 13 figures
5. a nonce like a uuid (guid) (tried also examples from the helpsite)
6. picked up generated token and secret from the DNOA website from Karsten. Picked up the tokens while debugging.
7. did not add GET params in authorization header.
8. Signing principle HMAC-256 tried on the website provided sample and I get the same result.

I wrote out as much of the program input as would be generated, so I substituted almost everything I could.

var access = "7oVrMuvl3a0yvbql2NicBNN8dJynVJeFT6mSFP8k8uqRWX24zW506PebFZ0GBZbN";
var secret = "30PsnWbR0hLeva9viEV8gypZ2YKGa96weKZ9W9FpZlD9x6epN3YgWE44s6up6L65";
var nonce = Guid.NewGuid().ToString();           
var stamp = Math.Round(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds).ToString();

//TEMP and result from unauth access using DNOA webpage Vitadock.aspx
var token = "x5sdLtb9DtzgMsrNmAbtaBiUGgRTnkDFY4y1niZBwaz4jeiU3s5XBg9nel18NKPV";
var oauth_token_secret = "cZZUa7Te19RJsrzb758qzcq7bzBkWcuTGhoKsbap7JKTdeffnjKx1PDo7wRpWeT5";

//my complete written output (normally my program will substitute values here ;)
var baseparams = "date_since=0&oauth_consumer_key=7oVrMuvl3a0yvbql2NicBNN8dJynVJeFT6mSFP8k8uqRWX24zW506PebFZ0GBZbN&oauth_nonce=d864d1a4-7d43-4b12-a6ce-b22946c46e01&oauth_signature_method=HMAC-SHA256&oauth_timestamp=1471331112860&oauth_token=x5sdLtb9DtzgMsrNmAbtaBiUGgRTnkDFY4y1niZBwaz4jeiU3s5XBg9nel18NKPV&oauth_version=1.0";

var signature = "GET&https%3A%2F%2Ftest-cloud.vitadock.com%2Fdata%2Ftracker%2Factivity%2Fcount&date_since%3D0%26oauth_consumer_key%3D7oVrMuvl3a0yvbql2NicBNN8dJynVJeFT6mSFP8k8uqRWX24zW506PebFZ0GBZbN%26oauth_nonce%3Dd864d1a4-7d43-4b12-a6ce-b22946c46e01%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1471331112860%26oauth_token%3Dx5sdLtb9DtzgMsrNmAbtaBiUGgRTnkDFY4y1niZBwaz4jeiU3s5XBg9nel18NKPV%26oauth_version%3D1.0";

 var signed = webapi.HMAC.Encrypt(signature, "30PsnWbR0hLeva9viEV8gypZ2YKGa96weKZ9W9FpZlD9x6epN3YgWE44s6up6L65&cZZUa7Te19RJsrzb758qzcq7bzBkWcuTGhoKsbap7JKTdeffnjKx1PDo7wRpWeT5", webapi.HMACType.HMAC256).Encode(); //will also encode at the end

var authorization = "OAuth oauth_consumer_key=\"7oVrMuvl3a0yvbql2NicBNN8dJynVJeFT6mSFP8k8uqRWX24zW506PebFZ0GBZbN\",oauth_nonce=\"d864d1a4-7d43-4b12-a6ce-b22946c46e01\",oauth_signature_method=\"HMAC-SHA256\",oauth_timestamp=\"1471331112860\",oauth_token=\"x5sdLtb9DtzgMsrNmAbtaBiUGgRTnkDFY4y1niZBwaz4jeiU3s5XBg9nel18NKPV\",oauth_version=\"1.0\",oauth_signature=\"s3flY4sFpnUfclw2p2r%2BqAcJqKX8hsx1v2Gox7L%2B124%3D\"";

//my webapi REST call for get
var headers = new Dictionary<string, string>();
headers["Authorization"] = authorization;
var parameters = new Dictionary<string, object>();
parameters["date_since"] = 0;
var result = webapi.WebAPI.Call(url, "", parameters, headers).Result; // => unauthorized

Where did I make a mistake? Is it the pickup of the token or is it the setup of the REST call?

Thanks in advance, 
Geert.
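
An added example, not part of the original post or of the VitaDock documentation: a C# sketch of the RFC 5849 signature base string and the signing step listed in points 1 to 8 above, printing both so they can be compared with a hand-built string. The class and method names and the EXAMPLE-* credentials and nonce are assumptions made for illustration; HMAC-SHA256 as the signature method, the URL and the timestamp are taken from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1Sketch {
    // RFC 5849 section 3.6: only ALPHA, DIGIT, '-', '.', '_', '~' stay literal;
    // every other UTF-8 byte becomes %XX with uppercase hex digits.
    static string Enc(string s) {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s)) {
            char c = (char)b;
            bool unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
            if (unreserved) sb.Append(c); else sb.Append('%').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }
    // METHOD & enc(URL without query) & enc(encoded "k=v" pairs sorted by key, joined by '&').
    static string BaseString(string method, string url, IDictionary<string, string> p) {
        var pairs = p.Select(kv => new[] { Enc(kv.Key), Enc(kv.Value) })
                     .OrderBy(x => x[0], StringComparer.Ordinal)
                     .Select(x => x[0] + "=" + x[1]);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }
    // Key is enc(consumer secret) & enc(token secret); the result is Base64 and still
    // has to be percent-encoded once more when placed in the Authorization header.
    static string Sign(string baseString, string consumerSecret, string tokenSecret) {
        var key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }
    static void Main() {
        // Constructed sample values, not real credentials.
        var p = new Dictionary<string, string> {
            ["date_since"] = "0", ["oauth_consumer_key"] = "EXAMPLE-KEY",
            ["oauth_nonce"] = "EXAMPLE-NONCE", ["oauth_signature_method"] = "HMAC-SHA256",
            ["oauth_timestamp"] = "1471331112860", ["oauth_token"] = "EXAMPLE-TOKEN",
            ["oauth_version"] = "1.0" };
        var bs = BaseString("GET", "https://test-cloud.vitadock.com/data/tracker/activity/count", p);
        Console.WriteLine(bs);
        Console.WriteLine("oauth_signature=\"" + Enc(Sign(bs, "EXAMPLE-CONSUMER-SECRET", "EXAMPLE-TOKEN-SECRET")) + "\"");
    }
}
```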