Examples¶
The signature is build from a secret key and a request body if exists.
Python¶
To send valid HMAC signature to a view you can use shmac.make_hmac()
from djangohmac.sign import shmac
sig = shmac.make_hmac() # generate signature
response = requests.get(
'/hmac_auth_view',
headers={hmac.header: sig}
)
To generate signature for particular service:
sig = shmac.make_hmac_for('service', 'request body')
response = requests.get(
'/hmac_auth_view',
'request body',
headers={hmac.header: sig}
)
HTTP¶
Valid signature is send:¶
Example request:
GET /api/v1/users HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localdocker:8000
Signature: dXNlcnNlcnZpY2U6RDVyRm5TcnJUUTQyZUttcDIreWhXayttYzZPK0hjRHZjWWFwbW9MeFdjQT0=
User-Agent: HTTPie/0.9.2
Response response:
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 15 Oct 2015 09:53:10 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Invalid signature is send:¶
Response request:
GET /api/v1/users HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localdocker:8000
Signature: blabla
User-Agent: HTTPie/0.9.2
Response response:
HTTP/1.0 403 FORBIDDEN
Content-Type: text/html; charset=utf-8
Date: Thu, 15 Oct 2015 09:53:35 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Cookie
X-Frame-Options: SAMEORIGIN