I'm doing it through the REST API. Two questions
1) I want to push some existing data to Quickblox custom object. How many REST calls do I need? (I am not really clear about the whole state of affair involving computer security.) Is it first to (a) Get a session token. And then just follow Create new record here?
2) I'm trying to get a session token but I'm getting {"errors":{"base":["Unexpected signature"]}} as response. Here is my code to genereate nonce, signature, and getting session token:
# Of course these are not really 0, x, and y's.
appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'
def getNonce():
import random
return random.random()
def createSignature(nonce):
import hashlib
import hmac
import binascii
import time
stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}×tamp={timestamp}'.format(id=appId,
auth_key=authKey, nonce=nonce, timestamp=time.time())
hmacObj = hmac.new(authKey, stringForSignature, hashlib.sha1)
return binascii.b2a_base64(hmacObj.digest())[:-1] # -1 to get rid of \n
def getSessionToken():
import time
epoch = "%s" % int(time.time())
nonce = getNonce()
params = {'application_id': appId,
'auth_key': authKey,
'timestamp': epoch,
'nonce': nonce,
'signature': createSignature(nonce)}
jsonData = json.dumps(params)
httpHeaders = {'Content-Type': 'application/json',
'QuickBlox-REST-API-Version': '0.1.0'}
r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers = httpHeaders)
print 'status code:', r.status_code
responseJson = r.text
print responseJson
response = json.loads(responseJson)
getSessionToken()
I suppose it's the way the signature is generated that is causing the problem?
Here is the answer to my question. It turns out that timestamp should be integer only, hamc should use the secret key, and https://api.quickblox.com/auth.json should be used instead of session. And also I didn't use the right encoding for my signature.