Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature validation failed to fulfill the request #25

Open
verghi opened this issue Jun 22, 2023 · 3 comments
Open

Signature validation failed to fulfill the request #25

verghi opened this issue Jun 22, 2023 · 3 comments

Comments

@verghi
Copy link

verghi commented Jun 22, 2023

Hello, I have a problem using getTransactions call in Finances api.
These steps I follow is as follows:
1- I got my ebay token
2- I generate a public and private key using ebay api
3- I sign my signature with my private key
The format of my signature:
'"x-ebay-signature-key": {{ebay_signature_key}}\n'
'"@method": GET\n'
'"@path": /sell/finances/v1/transaction\n'
'"@authority": apiz.ebay.com\n'
'"@signature-params": ("x-ebay-signature-key" "@method" "@path" "@authority");created={{date}}\n'
4- I use ebay api explorer to test my call ( not programming language yet)
Authorization:Bearer {{token}}
X-EBAY-C-MARKETPLACE-ID:EBAY_DE
x-ebay-signature-key: {{signature_key}}
Signature: sig1=:{{signature_signed_with_private_key}}
Signature-Input: sig1=("x-ebay-signature-key" "@method" "@path" "@authority");created={{time_of_request}}
Accept:application/json
5- When I make this call, I got a signature validation error, if you can help me to solve this issue please.
@uherberg
Copy link
Collaborator

@verghi Have you tried your signatures using the verification tool from this repo? In particular, please compare the signature base. Most likely, you calculate your base incorrectly. For example, there are no single quotes (') like you printed above. I have also seen that for Windows users, the line breaks weren't "\n". Which programming language and OS do you use? Can you post your code here? Which method do you use to calculate {{signature_signed_with_private_key}}?

@verghi
Copy link
Author

verghi commented Jun 27, 2023

Hello, thanks for your response, For now, I am using ebay explorer in order to test my calls (so no programming language used at that moment). I use Ubuntu, but I think there is no relation since I am using ebay explorer.
I used this approach to sign my signature:

  • openssl dgst -sha256 -sign key.pem -out sign.txt.sha256 plain-signature.txt
  • openssl enc -base64 -in sign.txt.sha256 -out sign.txt.sha256.base64
    In order to validate my signature, I used this command:
    openssl dgst -sha256 -verify public.pem -signature sign.txt.sha256 plain-signature.txt
    I didn't try the verification tool from this repo yet.

@uherberg
Copy link
Collaborator

@verghi I am not quite sure which algorithm openssl dgst uses. As per the specification, the RSASSA-PKCS1-v1_5 algorithm needs to be used to sign the signature base. Maybe openssl uses a different format. You can use one of the SDKs to generate the signature, in case you use Java, NodeJS or PHP. There is also some sample code for C# available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@uherberg @verghi