Some QLM HTTP APIs require strict authentication in order to be invoked from a client. To invoke these APIs, follow the steps below:
Configure Authentication Settings
There are 2 levels of authentication required to support QLM strict authentication:
- You must configure a user/pwd
- You must configure an API key used to compute a hash that will be verified on the server
To configure these settings:
- Launch the QLM Management Console
- Go to the Manage Keys tab
- Click 3rd party extensions
- Select a 3rd party extension
- Set a user and password
- Set an API Key
- Click Ok
In your application, you must dynamically computer the hash and add it to the header of the request as per the instructions below:
- Compute a hash of the URL you are invoking, including all arguments, using SHA256.
- Add the value of the hash in a custom header called Qlm-Authentication
- Add another custom header, Qlm-Timestamp, that contains the current UTC date/time in the following format: yyyy-MM-dd HH:mm:ss. The request will only be honored if it reaches the destination within 60 seconds from the provided time stamp.
C# Example of computing the hash in your application
string url = "http://localhost:55555/qlmservice.asmx/RetrieveActivationKeyHttp?is_orderid=1234&is_userdata1=99999&is_user=ralph&is_pwd=123456&is_format=json";
string apiKey = "123456";
string hashValue = CalcHMACSHA256Hash (url, apiKey);
public static string CalcHMACSHA256Hash(string message, string sharedKey)
{
var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(sharedKey));
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
return string.Join("", hash.ToList().Select(b => b.ToString("x2")).ToArray());
}
Example using Curl to invoke an HTTP method
You can use curl to test the authentication of http method. In the example below, we will use curl to invoke the RetrieveActivationKeyHttp method.
Curl -H"Qlm-Authentication-Token:1c72d8e817623b87d9f804b0d6c28ee4e26d1a55fed564a9fa5c8099c40fbeb2" -H"Qlm-Timestamp:2020-07-16 13:15:00" "http://localhost:55555/qlmservice.asmx/RetrieveActivationKeyHttp?is_orderid=1234&is_userdata1=99999&is_user=ralph&is_pwd=123456&is_format=json"
Testing your hash value
There are many online tools that you can use an online tool to test your hash value.
For example, you can use this tool as shown below:
- Copy/pase your URL in the tool: http://localhost:55555/qlmservice.asmx/RetrieveActivationKeyHttp?is_orderid=1234&is_userdata1=99999&is_user=ralph&is_pwd=123456&is_format=json
- Enter the API key (from Manage Keys / 3rd party extensions) in the Secret Key field
- Select SHA 256
- Click Computer HMAC
Availability: QLM v14+
Comments
0 comments
Article is closed for comments.