Skip to content
/ http-hmac-paw Public

A Paw extension that implements version 2.0 of the HTTP HMAC Spec to sign and verify RESTful web API requests

License

MIT license
6 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

itafroma/http-hmac-paw

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.markdown
README.markdown
 
 
gulpfile.js
gulpfile.js
 
 
package.json
package.json
 
 
webpack.config.js
webpack.config.js
 
 

Repository files navigation

HTTP HMAC Signer for Paw

A Paw extension that implements version 2.0 of the HTTP HMAC Spec to sign and verify RESTful web API requests.

Installation

First, install Homebrew if you don't already have it installed. Next:

brew install node
git clone git@github.com:itafroma/http-hmac-paw.git
cd http-hmac-paw
npm install
./node_modules/.bin gulp install

You can confirm the extension is installed in Paw by opening the extensions manager via the PawExtensionsManage extensions… menu.

Usage

Signing requests with HTTP HMAC Spec v2 involves a number of required headers, outlined below. Once the headers are supplied, you can make requests as per normal Paw usage.

X-Authorization-Timestamp

This header is required for all requests. For this header's value, find and select the Timestamp Epoch Time dynamic value token. There is no additional configuration.

X-Authorization-Content-SHA256

This header is required if you have a request body. For this header's value, find and select the SHA256 dynamic value token. Then, click on the token to bring up its configuration:

  • Input: Find and select the Request Raw Body dynamic value token.
  • Algorithm: SHA256
  • Encoding: Base64

Content-Type

This header is required if you have a request body. For this header's value, use whatever mimetype is appropriate for your request body.

Authorization

This header is required for all requests. For this header's value, find and select the HTTP HMAC Spec Signature v2.0 dynamic value token. Then, click on the token to bring up its configuration:

  • Realm: Use the Realm supplied by the API documentation.
  • API Key ID: Use the API Key ID given to you.
  • API Secret Key: Use the API Secret Key given to you. This must be Base64-encoded if it isn't already.
  • Request: Advanced usage; you can usually just leave this set to "Current Request"

Known Issues

The extension doesn't currently support signing requests with additional custom headers.

License and copyright

This extension is copyright Mark Trapp. All Rights Reserved. It is made available under the terms of the MIT license. A copy of the license can be found in the LICENSE file within this repository.

Disclosure and disclaimer

I am an employee of Acquia Inc., the author of the HTTP HMAC Spec. This extension was created as a personal project and had no Acquia involvement. Likewise, the development of this extension has no involvement from Paw Inc., the developers of Paw, with whom I am not affiliated in any way.

About

A Paw extension that implements version 2.0 of the HTTP HMAC Spec to sign and verify RESTful web API requests

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages