5

I am having some issues with limitations of the .NET SDK and so would like to issue my own calls to the API and parse the JSON results. I am stuck on creating the authorization header parameter oauth_signature as outlined here.

For this parameter it states: Contains the value generated by running all other request parameters and two secret values through a signing algorithm

  1. Does the "two secret values" refer to the OAuthAccessTokenSecret and the consumerSecret?
  2. Does "all other request parameters" mean just those parameter values? Concatenated?
  3. How do you use 2 secret values in an and HMACSHA1 signing algorithm? All examples I see just use one

What I have so far.

public static string GetOAuthAuthorization(string oauthToken, string oauthSecret, string consumerKey, string consumerSecret)
        {   
            string oauth_token = oauthToken;
            string oauth_nonce = Guid.NewGuid().ToString();
            string oauth_consumer_key = consumerKey;
            string oauth_signature_method = "HMAC-SHA1";
            int oauth_timestamp = (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;
            string oauth_version="1.0";

            string dataString = oauth_token + oauth_nonce + oauth_consumer_key + oauth_timestamp;

            //TODO: use following to create oauth_signature
            byte[] hashkey = Encoding.ASCII.GetBytes(oauthSecret);  //is this one of the secret values?
            byte[] data = Encoding.ASCII.GetBytes(dataString);
            HMACSHA1 hmac = new HMACSHA1(hashkey); 
            byte[] result = hmac.ComputeHash(data);

            string oauth_signature=Convert.ToBase64String(result);

            return string.Format("OAuth oauth_token='{0}',oauth_nonce='{1}',oauth_consumer_key='{2}',oauth_signature_method='{3}',oauth_timestamp='{4}',oauth_version='{5}',oauth_signature='{6}'",
                oauth_token, oauth_nonce, oauth_consumer_key, oauth_signature_method,oauth_timestamp,oauth_version, oauth_signature
            );
        }
crichavin
  • 4,672
  • 10
  • 50
  • 95

1 Answers1

1

Please check the sample app provided by Intuit for V3. This is already implemented. You can set in your keys and debug-

https://github.com/IntuitDeveloperRelations/

When you had generated an app with IPP, you must have got a consumer key and consumer secret. That is what is being referred in the line you have mentioned.

https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started

For other questions, just debug the sample code after setting in your app keys in web.config, you will get the answers.

nimisha shrivastava
  • 2,357
  • 2
  • 16
  • 31
  • 1
    Thanks @nimisha but I don't want to use the SDKs. I am trying to figure out how to make the API calls directly, without using the SDK. So this comes down to making a REST call, which I can do. The problem I am having is figuring out how to populate the specific fields that must be in the Authorization header of the REST call. – crichavin Feb 28 '14 at 16:40
  • 1
    @ChadRichardson Did you ever figure this out? We are trying to not use the SDK also. – Ryan Jun 13 '16 at 21:21
  • 1
    So Intuit has created an API but can't tell anyone how to generate the signature to make the calls. It's almost as if no one who works there even knows anymore... – Ralph Sep 22 '16 at 16:25