
Deployment API HMAC computation


We are interested in using the Deployment REST API and have a question about how to generate the HMAC computation referenced here: https://world.episerver.com/documentation/developer-guides/digital-experience-platform/deploying/episerver-digital-experience-cloud-deployment-api/authentication/

Is there a code example that can be referenced so we can understand more about how the message should be constructed? I don't think there is enough information in that help article to enable writing code to be able to generate a message in the appropriate format.

#224362
Jun 17, 2020 19:05

Yes, the documentation is awfully incomplete - it took me a long time just to realize the API endpoint is actually https://paasportal.episerver.net.

You can use the PowerShell source for their own PowerShell API library as source:

    # Initialize utils required for computing an HMAC and md5 signature/hash
    $hmacAlgorithm = New-Object System.Security.Cryptography.HMACSHA256
    $md5 = [System.Security.Cryptography.MD5]::Create()

    # Set the secret the HMAC algorithm uses for computing the signature
    $hmacAlgorithm.key = [System.Convert]::FromBase64String($ClientSecret)

    # Define the different parts that make up the HMAC signature
    $path = ([System.Uri] $RequestHash.Uri).PathAndQuery
    $method = $RequestHash.Method.ToUpperInvariant()
    $timestamp = [DateTimeOffset]::UtcNow.ToUnixTimeMilliSeconds().ToString("0")
    $nonce = (New-Guid).ToString("N")

    # Define the HTTP request payload that will be tacked on to the signature
    if ($RequestHash.Body) {
        $bodyBytes = [Text.Encoding]::UTF8.GetBytes($RequestHash.Body)
    }
    else {
        $bodyBytes = [Text.Encoding]::UTF8.GetBytes('')
    }

    $bodyHashBytes = $md5.ComputeHash($bodyBytes)
    $hashBody = [Convert]::ToBase64String($bodyHashBytes)

    # Combine all the parts into a signature message
    $message = "{0}{1}{2}{3}{4}{5}" -f $ClientKey, $method, $path, $timestamp, $nonce, $hashBody
    $messageBytes = [Text.Encoding]::UTF8.GetBytes($message)

    # Define the HMAC signature from the message
    $signatureHash = $hmacAlgorithm.ComputeHash($messageBytes);
    $signature = [Convert]::ToBase64String($signatureHash)

    # Define the authorization header for the HTTP request
    $authorization = "epi-hmac {0}:{1}:{2}:{3}" -f $ClientKey, $timestamp, $nonce, $signature

Source: https://www.powershellgallery.com/packages/EpiCloud/0.13.15

Download the package manually, rename the .nupkg file to .zip, and extract the files. You will find the code snippet above in "EpiCloud.psm1", line 304.

#266824
Nov 16, 2021 21:05
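The message construction in the PowerShell snippet above, ported to Python as an added example (not code from the post or from the EpiCloud module). The `verify` function is a hypothetical receiver-side check showing what the timestamp and nonce are for; its 5-minute skew window and nonce cache are assumptions, not documented service behaviour, and the key, secret and URL are constructed sample values.

```python
import base64, hashlib, hmac, time, uuid
from urllib.parse import urlsplit

def body_md5_b64(body: str) -> str:
    # Base64 of the MD5 digest of the UTF-8 body ('' when there is no body)
    return base64.b64encode(hashlib.md5(body.encode("utf-8")).digest()).decode()

def build_message(client_key, method, url, timestamp, nonce, body=""):
    # Same field order as the snippet: key, METHOD, path+query, timestamp, nonce, body hash
    u = urlsplit(url)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    return f"{client_key}{method.upper()}{path}{timestamp}{nonce}{body_md5_b64(body)}"

def sign(client_secret_b64, message):
    key = base64.b64decode(client_secret_b64)  # secret is Base64; the HMAC key is its decoded bytes
    digest = hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def authorization_header(client_key, client_secret_b64, method, url, body="",
                         timestamp=None, nonce=None):
    timestamp = timestamp or str(int(time.time() * 1000))  # Unix time in milliseconds
    nonce = nonce or uuid.uuid4().hex                       # 32 hex digits, like Guid "N"
    msg = build_message(client_key, method, url, timestamp, nonce, body)
    return f"epi-hmac {client_key}:{timestamp}:{nonce}:{sign(client_secret_b64, msg)}"

def verify(header, client_secret_b64, method, url, body, now_ms, seen_nonces,
           max_skew_ms=300_000):
    # Hypothetical receiver-side check; skew window and nonce cache are assumptions
    scheme, _, value = header.partition(" ")
    fields = value.split(":")
    if scheme != "epi-hmac" or len(fields) != 4:
        return False
    client_key, timestamp, nonce, signature = fields
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if abs(now_ms - int(timestamp)) > max_skew_ms:
        return False                       # stale or future-dated request
    msg = build_message(client_key, method, url, timestamp, nonce, body)
    if not hmac.compare_digest(sign(client_secret_b64, msg).encode(), signature.encode()):
        return False                       # a signed field or the body was altered
    if nonce in seen_nonces:
        return False                       # valid signature, but replayed
    seen_nonces.add(nonce)
    return True

# Constructed sample values, not real credentials or a real API path
KEY = "exampleClientKey"
SECRET = base64.b64encode(b"constructed-demo-secret").decode()
URL = "https://example.invalid/placeholder/path?x=1"
```

The path must be byte-for-byte what is sent on the wire; .NET's `PathAndQuery` and `urlsplit` can differ on how they escape unusual characters, so compare the two when porting.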