Amazon REST API using OAuth

0
votes

I build a mobile website with a registration form. This registration form will be using API. Below is a part of documentation they've provided.

I don't have any idea where to start. But can I use PHP on this? Do you have any sources or steps on how to do it?

Company ABC = client

The client follow the Representational state transfer (REST) standard allowing resources created, modified and pulled with a standard set of GET, POST, PUT, DELETE HTTP requests. Communication with client follows the REST architecture constraints including being stateless & cacheable.

All requests are performed over SSL. All responses are returned as JSON objects.

API Authentication

Client's REST API utilizes the widely used Amazon standard for authentication. Authentication with the member service requires a signed string affixed to an Authentication header.

Data required for signing a request

● Date Formatted as such: “Mon Jan 01 HH:MM:SS GMT 2013” ○ You also need to put this exact date string as the Date Header

● HTTP Method ( GET, POST, PUT, DELETE..)

● Body NULL if HTTP Method is not POST or PUT. This is the data being sent to the server.

● PATH the path of the request after the host for example: /Members/01kjhkjh789abcdef01234567 ○ The prefixed slash is required. ○ Trailing slashes will result in a failed authorization.

■ For purposes of this documentation the ID will be kjhkh75hgkuyf56465r65465564

■ For purposes of this documentation the Secret will be 75456464674676746547fhgv2tcoygvhgvrUcTVD5GvYimli

Client member

Building the signed request

  1. If there is a Body present, perform a MD5 operation on it.

  2. Build the String to Sign:

    HTTP_METHOD + “\n” + BODY_MD5 + “\n” + DATE + “\n” + PATH

    Some Examples:

    a. “GET Mon Jan 01 HH:MM:SS GMT 2013 /Members/0123456789abcdef01234567”

    b. “POST e9d263d07a1533984e80ef808bd4efff Mon Jan 01 HH:MM:SS GMT 2013 /Members”

    c. “PUT 96db961798e74718065e7a06d6d14110 Mon Jan 01 HH:MM:SS GMT 2013 /Members/012mnb3456789abcdebmbmnbf01234567“

  3. Perform a hashhmac/ sha1 hashing operation on the string you just built. a. The output of this should be binary/raw and not hexits.

  4. Base64 Encode the hashed string.

  5. Prefix the identifier to the Authorization scheme this is as follows: “CLIENT “ + API_ID + “:”

a. if your API_ID is “606e1a” your identifier will be “CLIENT 606e1a:” Examples

○ For the GET example above the output would be:

CLIENT lkmmklmlmlkm06e1a:l6PxyV73V226mklmklmkklB2XvaBsoWaE++Fo=

○ For the POST example above the output would be:

CLIENT klmlkmklmklmklm6e1a:FnSfYYxU+RTJlmlmlmlknSr/48yLYgk1eQ0=

○ For the PUT example above the output would be:

CLIENT lkmlkmklmlkm1a:ahByLYh9Wc3yhlmklmlm1F+N9ilkmlmkmLFA7B12w=

1
phpapirestoauth

1 Answers

0
votes

I would start by using FF Poster (e.g.) to use / get an understanding of the APIs, and how u should be invoking them and consuming their responses.

In terms of technologies to invoke APIs.... what is ur current application stack? If php, this looks decent - or google "php rest client". I have used Java rest clients, such as jersey and resteasy.