This is my first attempt at writing a Rails app to consume an external web service.
I have done some basic experimentation retrieving some records from another rails app via ActiveResource which worked pretty well, but in this instance I am trying to access a third party web service which requires very specific authentication before I can do anything.
The service in question is a REST API provided by DNSMadeEasy the documentation for which can be located at http://www.dnsmadeeasy.com/services/rest-api/
The authentication requirements according to the documentation are as follows:
- Create the string representation of the current date and time in HTTP format. Example: Sat, 12 Feb 2011 20:59:04 GMT
- Calculate the hexadecimal HMAC SHA1 hash of that string using your Secret key as the hash key.
- Set the values for the request headers using your API key, the current date and time, and the HMAC hash that you calculated.
So I figured out how to get the date and calculate the hash:
request_date = Time.now.httpdate hmac = OpenSSL::HMAC.hexdigest('sha1', secret_key, request_date)
So my question has three parts:
Firstly, how do I then go about inserting this information in the HTTP header when I send off my request to the web service?
Secondly, how do I go about putting all this in a super class that my ActiveResource classes inherit from, so that I don’t have to worry about it in the classes for Domain and ResourceRecord?
Thirdly, is there a best practice for storing API and secret keys in your app, i.e. should this be done with an initializer, or is it best to use an environment variable?
Any tips and tricks for this sort of workflow would be extremely appreciated.
Thanks
