Signing API requests can be a tedious and error-prone process. For these reasons, we recommend using one of our client libraries, which generate the API signature for you.
You can view all of our client libraries here: github.com/contextio
If we do not have a client library in the language of your choice, or you wish to generate your own wrapper, you can use this as a general guide on how to generate the required signature for making API calls.
We require an OAuth 1 HMAC-SHA1 signature be provided in the headers of the API request.
Generating the Authorization headers
First, we recommend you visit console.context.io and make some test requests. When you make a request, we provide you with the oauth signature info and the Authorization headers of the request, so you can see how the request is constructed.
You need the following to form your Authorization header:
- oauth_consumer_key: your API key
- oauth_version: in this case "1.0"
- oauth_nonce: a randomly generated unique string of characters and numbers
- oauth_timestamp: timestamp in Unix time
- oauth_method: in this case "HMAC-SHA1"
- oauth_signature: an encoded string representation of the request (created from the base string and using your API secret as a key)
You should be able to get all of the pieces mentioned above easily, the hard part is encoding the oauth_signature.
Generating the oauth_signature
In order to generate the oauth_signature, you must create the base string first. You can see a sample base string in the screenshot above.
A sample base string would look something like this:
It includes the method of the request (GET, POST, PUT or DELETE), the full URL of the request, as well as the elements mentioned above, such as the oauth_consumer_key, oauth_version, oauth_nonce, oauth_timestamp, and oauth_method (everything except the signature which you are about to create). All of this must become one URL encoded string.
Once you have the base string, you can generate the encoded signature using HMAC-SHA1 encryption, using your API secret as the key. The resulting string should look like:
Append the oauth_signature to your Authorization header
We're almost done! All that is left to do is once again assemble all of the different components, this time adding the oauth_signature you just created to the end of the Authorization header.
Your fully completed Authorization header should look like this. Play close attention to the capitalization—
Authorization OAuth oauth_consumer_key=CONSUMER_KEY, oauth_timestamp=TIMESTAMP, oauth_nonce=NONCE,
oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature=SIGNATURE