A simple example API and secret key signature authentication implementations of authentication in PHP.
Below is a simple PHP snippet using GuzzleHttp to the /ping endpoint. Please note the calculation of the timestamp is the UNIX timestamp in milliseconds
Calculating HMAC on Striga v1
Please note that from v1 onwards, the root of the URL that includes
/api/v1is NOT included in the calculation of the HMAC, unlike in v0.
<?php
require_once './autoload.php';
use GuzzleHttp\Client;
use GuzzleHttp\Psr7;
use GuzzleHttp\Exception\ClientException;
$client = new Client(['base_uri' => 'https://www.sandbox.striga.com/api/v1/']);
$SANDBOX_API_SECRET = '<YOUR-API-SECRET>';
$method = 'POST';
$body = ['ping' => 'pong'];
$TEST_ENDPOINT = '/ping';
function calcSig($body) {
global $SANDBOX_API_SECRET, $method, $TEST_ENDPOINT;
$mstime = floor(microtime(true) * 1000);
$hmac = $mstime;
$hmac .= $method;
$hmac .= $TEST_ENDPOINT;
$contentHash = md5(json_encode($body));
$hmac .= $contentHash;
$hmac = hash_hmac('sha256', $hmac, $SANDBOX_API_SECRET);
$auth = 'HMAC ' . $mstime . ':' . $hmac;
return $auth;
}
$headers = [
'authorization' => calcSig($body),
'api-key' => '<YOUR-API-KEY>',
'Content-Type' => 'application/json',
];
echo print_r($headers);
try {
$response = $client->request('POST', 'ping', [
'headers' => $headers,
'json' => $body
]);
echo $response->getBody();
} catch (ClientException $e) {
echo Psr7\Message::toString($e->getRequest());
echo Psr7\Message::toString($e->getResponse());
}
?>