Here is my curl Code it works fine.
$url="XXXXXX";
$key="XXXXXX";
$data='[{"producerNumber":"0500555"}]';
$relativeUrl = '/producer/npn';
$date = gmdate('Y-m-d\TH:i:s\Z');
$dataToSign = $relativeUrl.$data.$date.$key;
$encoded= base64_encode(
hash_hmac('sha256', $dataToSign, base64_decode($key), true)
);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => array(
"Content-Type: application/json",
"Accept: application/json",
"Accept: */*",
"REQUEST_CLIENT_ID: XXXX",
"REQUEST_DATE: " . $date,
"REQUEST_SIGNATURE: " . $encoded,
),
));
$response = curl_exec($curl);
The Mulesoft Http request fails with 403 forbidden.
<http:request method="POST" doc:name="Request" doc:id="82492d2a-cd5e-417d-8078-43daaa982c45" config-ref="HTTP_Request_configuration" path="/npn">
<http:body ><![CDATA[[{"producerNumber":"0500555"}]]]></http:body>
<http:headers><![CDATA[#[%dw 2.0
import dw::Crypto
import * from dw::core::Binaries
output application/json
---
{
"Content-Type": "application/json",
"Accept": "application/json",
"Accept": "*/*",
"REQUEST_CLIENT_ID": "XXXXX",
"REQUEST_DATE": vars.datevalue,
"REQUEST_SIGNATURE": toBase64(Crypto::HMACWith(fromBase64(vars.key as Binary),
vars.relativeUrl ++ vars.producerNo ++ vars.datevalue ++ vars.key as Binary,"HmacSHA256"
))
}]]]></http:headers>
</http:request>
This is error I am getting
ERROR 2025-02-20 17:00:38,760 [[MuleRuntime].uber.05: [car-api].uber@.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain.initialise:648 @778984a7] [processor: post:\postNpn:application\json:car-api-config/processors/5; event: 7fb0dc10-efde-11ef-852b-8a2347d95a3e] .mule.runtime.core.internal.exception.OnErrorPropagateHandler:
Message : HTTP POST on resource 'His is my URL so hidding it' failed: forbidden (403).
Element : post:\postNpn:application\json:car-event-api-config/processors/5 @ car-events-api:car-events-api.xml:221 (Request)
Element DSL : <http:request method="POST" doc:name="Request" doc:id="82492d2a-cd5e-417d-8078-43daaa982c45" config-ref="HTTP_Request_configuration" path="/npn">
<http:body><![CDATA[
[{"producerNumber":"123456"}]
]]></http:body>
<http:headers><![CDATA[
#[%dw 2.0
import dw::Crypto
import * from dw::core::Binaries
output application/json
---
{
"Content-Type": "application/json",
"Accept": "application/json",
"Accept": "*/*",
"REQUEST_CLIENT_ID": "moo-com",
"REQUEST_DATE": vars.datevalue,
"REQUEST_SIGNATURE": toBase64(Crypto::HMACWith(fromBase64(vars.key as Binary),
vars.relativeUrl ++ vars.producerNo ++ vars.datevalue ++ vars.key as Binary,"HmacSHA256"
))
}]
]]></http:headers>
</http:request>
Error type : HTTP:FORBIDDEN
FlowStack : at post:\postNpn:application\json:car-api-config(post:\postNpn:application\json:car-event-api-config/processors/5 @ car-events-api:car-events-api.xml:221 (Request))
at car-events-api-main(car-events-api-main/processors/0 @ car-events-api:car-events-api.xml:35)
(set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
ERROR 2025-02-20 17:00:38,768 [[MuleRuntime].uber.05: [car-api].uber@.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain.initialise:648 @778984a7] [processor: post:\postNpn:application\json:car-api-config/processors/5; event: 7fb0dc10-efde-11ef-852b-8a2347d95a3e] .mule.runtime.core.internal.exception.OnErrorPropagateHandler:
> ********************************************************************************
> Message : HTTP POST on resource 'THis is my URL so hidding it' failed: forbidden (403).
Element : (None)
Element DSL : (None)
Error type : HTTP:FORBIDDEN
FlowStack : (None)
(set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
Any help please!!
Here is my curl Code it works fine.
$url="XXXXXX";
$key="XXXXXX";
$data='[{"producerNumber":"0500555"}]';
$relativeUrl = '/producer/npn';
$date = gmdate('Y-m-d\TH:i:s\Z');
$dataToSign = $relativeUrl.$data.$date.$key;
$encoded= base64_encode(
hash_hmac('sha256', $dataToSign, base64_decode($key), true)
);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => array(
"Content-Type: application/json",
"Accept: application/json",
"Accept: */*",
"REQUEST_CLIENT_ID: XXXX",
"REQUEST_DATE: " . $date,
"REQUEST_SIGNATURE: " . $encoded,
),
));
$response = curl_exec($curl);
The Mulesoft Http request fails with 403 forbidden.
<http:request method="POST" doc:name="Request" doc:id="82492d2a-cd5e-417d-8078-43daaa982c45" config-ref="HTTP_Request_configuration" path="/npn">
<http:body ><![CDATA[[{"producerNumber":"0500555"}]]]></http:body>
<http:headers><![CDATA[#[%dw 2.0
import dw::Crypto
import * from dw::core::Binaries
output application/json
---
{
"Content-Type": "application/json",
"Accept": "application/json",
"Accept": "*/*",
"REQUEST_CLIENT_ID": "XXXXX",
"REQUEST_DATE": vars.datevalue,
"REQUEST_SIGNATURE": toBase64(Crypto::HMACWith(fromBase64(vars.key as Binary),
vars.relativeUrl ++ vars.producerNo ++ vars.datevalue ++ vars.key as Binary,"HmacSHA256"
))
}]]]></http:headers>
</http:request>
This is error I am getting
ERROR 2025-02-20 17:00:38,760 [[MuleRuntime].uber.05: [car-api].uber@.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain.initialise:648 @778984a7] [processor: post:\postNpn:application\json:car-api-config/processors/5; event: 7fb0dc10-efde-11ef-852b-8a2347d95a3e] .mule.runtime.core.internal.exception.OnErrorPropagateHandler:
Message : HTTP POST on resource 'His is my URL so hidding it' failed: forbidden (403).
Element : post:\postNpn:application\json:car-event-api-config/processors/5 @ car-events-api:car-events-api.xml:221 (Request)
Element DSL : <http:request method="POST" doc:name="Request" doc:id="82492d2a-cd5e-417d-8078-43daaa982c45" config-ref="HTTP_Request_configuration" path="/npn">
<http:body><![CDATA[
[{"producerNumber":"123456"}]
]]></http:body>
<http:headers><![CDATA[
#[%dw 2.0
import dw::Crypto
import * from dw::core::Binaries
output application/json
---
{
"Content-Type": "application/json",
"Accept": "application/json",
"Accept": "*/*",
"REQUEST_CLIENT_ID": "moo-com",
"REQUEST_DATE": vars.datevalue,
"REQUEST_SIGNATURE": toBase64(Crypto::HMACWith(fromBase64(vars.key as Binary),
vars.relativeUrl ++ vars.producerNo ++ vars.datevalue ++ vars.key as Binary,"HmacSHA256"
))
}]
]]></http:headers>
</http:request>
Error type : HTTP:FORBIDDEN
FlowStack : at post:\postNpn:application\json:car-api-config(post:\postNpn:application\json:car-event-api-config/processors/5 @ car-events-api:car-events-api.xml:221 (Request))
at car-events-api-main(car-events-api-main/processors/0 @ car-events-api:car-events-api.xml:35)
(set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
ERROR 2025-02-20 17:00:38,768 [[MuleRuntime].uber.05: [car-api].uber@.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain.initialise:648 @778984a7] [processor: post:\postNpn:application\json:car-api-config/processors/5; event: 7fb0dc10-efde-11ef-852b-8a2347d95a3e] .mule.runtime.core.internal.exception.OnErrorPropagateHandler:
> ********************************************************************************
> Message : HTTP POST on resource 'THis is my URL so hidding it' failed: forbidden (403).
Element : (None)
Element DSL : (None)
Error type : HTTP:FORBIDDEN
FlowStack : (None)
(set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
Any help please!!
Share Improve this question edited Feb 20 at 23:35 aled 26k4 gold badges34 silver badges48 bronze badges asked Feb 20 at 23:19 Veera Raghava Prasad GovindaraVeera Raghava Prasad Govindara 155 bronze badges 3- What language is the second code snippet? Please add that as a tag on the question. – Barmar Commented Feb 20 at 23:29
- Error messages and logs also have to be formatted with code block. This time I did it for you. – aled Commented Feb 20 at 23:36
- We have no way to know what is different between both request without the values. That should be part of a minimal reproducible example in your question. Add a capture of the actual HTTP requests from both versions. You can use HTTP Wire logging for the Mule application. If the requests are not HTTPS you could do a traffic capture of both requests with tcpdump, or maybe you can capture both requests from the server. – aled Commented Feb 20 at 23:40
1 Answer
Reset to default 0So the PHP code:
$key = "a2V5";
$dataToSign = "testdataa2V5";
$encoded= base64_encode(
hash_hmac('sha256', $dataToSign, base64_decode($key), true)
);
echo "Decoded key: " . $encoded . "\n";
Produces key like this: "pCjswUCZjUy896fPFTx0iJOua0FTdDXpaMNrbbVW1SQ="
After testing the mulesoft code with the same parameters:
%dw 2.0
import dw::Crypto
import * from dw::core::Binaries
import * from dw::util::Coercions
output application/json
var key = "a2V5"
var data = "testdataa2V5"
---
{
"REQUEST_SIGNATURE": toBase64(Crypto::HMACWith(fromBase64(key as Binary),data as Binary,"HmacSHA256"))
}
We get different result: "YTQyOGVjYzE0MDk5OGQ0Y2JjZjdhN2NmMTUzYzc0ODg5M2FlNmI0MTUzNzQzNWU5NjhjMzZiNmRiNTU2ZDUyNA=="
To fix the issue you should use HMACBinary instead HMACWith since HMACWith computes an HMAC hash (with a secret cryptographic key) on input content, then transforms the result into a lowercase, hexadecimal string.
And you need HMACBinary which returns the content in binary and then you transform it to base64.
After repleacing HMACWith with HMACBinary we get the same results like PHP code.
Hope that helps.