I am trying to reproduce the example at https://www.sinch.com/using-rest/#callbackrequestsigning in Python.
I can get to reproducing the "CONTENT-MD5" using:
>>import hasblib
>>import base64
>>m='{"event":"ace","callid":"822aa4b7-05b4-4d83-87c7-1f835ee0b6f6_257","timestamp":"2014-09-24T10:59:41Z","version":1}'
>>base64.b64encode(hashlib.md5(m.encode('utf-8')).digest())
b'REWF+X220L4/Gw1spXOU7g=='
But I am unable to reproduce the signature using the following:
>>>secret ="BeIukql3pTKJ8RGL5zo0DA==".encode('utf-8')
>>>message = 'POST\nREWF+X220L4/Gw1spXOU7g==\napplication/json\nx-timestamp:2014-09-24T10:59:41Z\n/sinch/callback/ace'.encode('utf-8')
>>>base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
b'xLX5N1DejHHma4NwS7IQ40W3041JQeOiFBgE4IhLlkg='
According to the site the signature should be Tg6fMyo8mj9pYfWQ9ssbx3Tc1BNC87IEygAfLbJqZb4
Any ideas?
Turns out the secret is base64 encoded, so we must first decode it before using. The following works:
>>>secret = base64.b64decode("BeIukql3pTKJ8RGL5zo0DA==")
>>>message = 'POST\nREWF+X220L4/Gw1spXOU7g==\napplication/json\nx-timestamp:2014-09-24T10:59:41Z\n/sinch/callback/ace'.encode('utf-8')
>>>base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
b'Tg6fMyo8mj9pYfWQ9ssbx3Tc1BNC87IEygAfLbJqZb4='