DocumentationAPI Reference

Signature Calculation

Suggest Edits

HMAC signatures are calculated using request or response contents and a shared secret provided by Reach. This page contains code samples demonstrating how to calculate the HMAC signature given JSON input and a shared secret string.

The general algorithm for computing a signature is as follows:

  1. Compute the SHA256 HMAC value of the JSON to be submitted (before any encoding) or the JSON received from Reach (after any decoding), using the shared secret provided to you by Reach.
  2. Base-64 encode the result.
import java.security.SignatureException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Encoder;
public class hmac_signature {
 
   public static String compute(String json, String secret) throws SignatureException
   {
       try {
         SecretKeySpec key = new SecretKeySpec(secret.getBytes(), DIGEST_ALGORITHM);
         Mac mac = Mac.getInstance(DIGEST_ALGORITHM);
         mac.init(key);
         BASE64Encoder base64Encoder = new BASE64Encoder();
         return base64Encoder.encode(mac.doFinal(json.getBytes("UTF-8")));
       } catch (Exception e) {
         throw new SignatureException("HMAC Signature failed: " + e.getMessage());
      }
   }
}

import hashlib
import hmac
import base64
signature = base64.b64encode(hmac.new(bytes("secret").encode('utf-8'),
bytes("json").encode('utf-8'),
digestmod=hashlib.sha256).digest())

require 'openssl'
require 'base64'
signature = Base64.strict_encode64(OpenSSL::HMAC.digest
('sha256', secret.encode('utf-8'), json.encode('utf-8')))

$signature = base64_encode(hash_hmac('sha256', $json, $secret, TRUE));

using System.Security.Cryptography;
namespace Util {
  public class hmac_signature {
    private string compute(string json, string secret) {
      secret = secret ?? "";
      var encoding = new System.Text.UTF8Encoding();
      using (var hmacsha256 = new HMACSHA256(encoding.GetBytes(secret))) {
         return Convert.ToBase64String(hmacsha256.ComputeHash(encoding.GetBytes(json)));
      }
    }
  }
}

#include <openssl/hmac.h>
#include <openssl/sha.h>
void compute_signature(const unsigned char *const json,
                       const unsigned int json_len,
                       const unsigned char *const secret,
                       const unsigned int secret_len,
                       char *const signature,
                       unsigned int *signature_len)
{
    assert(json);
    assert(secret);
    assert(signature);
    assert(signagure_len);
    static unsigned char buffer[SHA_DIGEST_LENGTH];
    unsigned int len = sizeof(buffer);
    HMAC(EVP_sha256(), secret, secret_length, json, json_length, buffer, &len);
    base64_encode(buffer, len, signature, signature_len);
}

$ create extension pgcrypto;
$ select encode(hmac(json, secret, 'sha256'), 'base64');

//jsonFormat is the json message
//hmacSecret is your Reach hmac Secret
jsonStr=JSON.stringify(jsonFormat,null,""); //Optional depending on your IDE, jsonStr=jsonFormat might work just well
if (typeof jsonStr != 'string') {
	jsonStr = JSON.stringify(jsonStr);
}	
hashInBase64 = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(jsonStr, hmacSecret, {asBytes: true}));

Updated 7 months ago