ERROR_AUTH HMAC-SHA1

[Fruchtgummi]

<common:messages xmlns:common="http://rest.immobilienscout24.de/schema/common/1.0">

ERROR_AUTHENTICATION_REQUIRED
Invalid signature for signature method HMAC-SHA1

</common:messages>

We can't use PHP, only Golang. We build the header with follow code. I hope you can derive it from golang-code.

signatureBase := strings.ToUpper(oa.Method) + "&" + url.QueryEscape(strings.Split(oa.Url+oa.Path, "?")[0]) + "&" + url.QueryEscape(parameterString)
	signingKey := url.QueryEscape(oa.Config.ConsumerSecret) + "&" + url.QueryEscape(oa.RequestToken.TokenSecret)
	signature := GetSignature(signatureBase, signingKey)

and the endcoding-function

func GetSignature(base, key string) string {
	hash := hmac.New(sha1.New, []byte(key))
	hash.Write([]byte(base))
	signature := hash.Sum(nil)
	return base64.StdEncoding.EncodeToString(signature)
}

If I get the offers, example from "/restapi/api/financing/construction/v2/offer" than run this with the generated header from my function.

Why do i have to treat leads differently than offers?

[DenisHoppe]

Hello Fruchtgummi,
your signature is correctly. Check your Request Url with Parameters. You create the signature with Parameters but the request url is without the query parameter and than the signature is not vaild in your example.

https://datatracker.ietf.org/doc/html/rfc5849#section-3.5.3

Best regards and lot of fun!