1

I am trying to test the Sinch SMS API using Lumen and GuzzleHttp but I am getting "Invalid Signature" error. I already followed the pseudocode, here's a sample of my code:

$body = array('message' => 'sample message');
$contentMD5 = base64_encode(md5(utf8_encode(json_encode($body)), true));
$strToSign = "POST\n" .
    $contentMD5 . "\n" .
    "application/json\n" .
    "x-timestamp:2016-12-21T00:30:31.27Z\n" .
    "/v1/sms/+123456789";
$signature = base64_encode(hash_hmac('sha256', base64_decode($this->API_SECRET, true), utf8_encode($strToSign)));

Then when I send the request here's my attached headers:

$headers = array(
  'Accept' => 'application/json',
  'Content-Type' => 'application/json',
  'X-Timestamp' => '2016-12-21T00:30:31.27Z',
  'Authorization' => "Application $this->API_KEY:" . $signature
);

Assuming that my x-timestamp are correct, what am I doing wrong here? Hope you can help me. Thanks in advance!

Jed
  • 1,054
  • 1
  • 15
  • 34

1 Answers1

0

Dont base64 encode 

$contentMD5 = base64_encode(md5(utf8_encode(json_encode($body)), true));

just md5 it, then base64 encode everything

Daniel W.
  • 31,164
  • 13
  • 93
  • 151
cjensen
  • 2,703
  • 1
  • 16
  • 15
  • No good, i'm still getting the invalid signature error. Is it possible that it's because of my timestamp? My timezone is different than the Sinch servers so what I do is I always put my request timestamp ahead of theirs. – Jed Dec 21 '16 at 22:30
  • All time stamp are in Utc – cjensen Dec 28 '16 at 01:24
  • So what could be possibly wrong here? I tried your suggestion but still getting the same error. – Jed Dec 28 '16 at 01:28