Signature validation failed to fulfill the request #27

Open
canyan-ai opened this issue Sep 18, 2023 · 2 comments
canyan-ai commented Sep 18, 2023

Hello! Recently UK and EU stores accessed Finances API
The interface prompts that the digital signature is invalid. It turns out that we can all access it successfully. Could you please help me find out the reason? Thank you!
For example:
```
GET /sell/finances/v1/payout?filter=lastAttemptedPayoutDate%3A%5B2023-09-16T15%3A31%3A45.000Z..2023-09-18T16%3A56%3A49.237Z%5D&limit=20&offset=0 HTTP/1.1
Host: apiz.ebay.com
signature-input: sig1=("x-ebay-signature-key" "@method" "@path" "@authority");created=xxx
signature: sig1=:***:
x-ebay-signature-key: {jwe} -- generate by https://apiz.ebay.com/developer/key_management/v1/signing_key
{"signingKeyCipher": "ED25519"}
Authorization: ***
```

Response Body

```json
{
  "errors": [
    {
      "errorId": 215122,
      "domain": "ACCESS",
      "category": "REQUEST",
      "message": "Signature validation failed",
      "longMessage": "Signature validation failed to fulfill the request."
    }
  ]
}
```

We generate the required signature header information through the signature generation tool class of the sdk of the official website as follows:

```java
public class DigitalSignUtil {
    private static Logger logger = LoggerFactory.getLogger(DigitalSignUtil.class);

    public DigitalSignUtil() {
    }

    public static Map<String, String> getSignHeaderMap(String privateKey, String jwe, String method, String url, String body) {
        SignatureConfig config = new SignatureConfig();
        config.setDigestAlgorithm("sha-256");
        config.setAlgorithm("Ed25519");
        config.setPrivateKeyStr(privateKey);
        config.setJwe(jwe);
        config.setSignatureParams(Lists.newArrayList(new String[]{"content-digest", "x-ebay-signature-key", "@method", "@path", "@authority"}));
        SignatureComponent sc = new SignatureComponent();
        sc.setMethod(method);

        try {
            if (StringUtils.isNotEmpty(url)) {
                sc.setTargetUri(url);
                if (url.startsWith("https")) {
                    sc.setScheme("https");
                } else if (url.startsWith("http")) {
                    sc.setScheme("http");
                }

                // Authority is the text between "://" and the first "/".
                String temp = url.substring(url.indexOf("://") + 3);
                String authority = temp.substring(0, temp.indexOf("/"));
                sc.setAuthority(authority);
                // Everything after the authority is passed as the path, query string included.
                sc.setPath(url.substring(url.indexOf(authority) + authority.length()));
            }

            config.setSignatureComponents(sc);
            Signature signature = new Signature(config);
            return signature.getSignatureHeaderAsMap(body);
        } catch (SignatureException var9) {
            logger.error("getSignHeaderMap error ", var9);
            return null;
        }
    }

}
```

```java
public Map<String, String> getSignatureHeaderAsMap(String body) throws SignatureException {
    Map<String, String> headers = new HashMap<>();
    String contentDigest = this.generateDigestHeader(body);
    String xEbaySignatureKey = this.generateSignatureKey();
    headers.put("x-ebay-signature-key".toLowerCase(), xEbaySignatureKey);
    ObjectMapper mapper = new ObjectMapper();
    ObjectNode sign = mapper.createObjectNode();
    // content-digest is only added when a digest was produced for the body.
    if (StringUtils.isNotBlank(contentDigest)) {
        headers.put("content-digest".toLowerCase(), contentDigest);
        sign.put("Content-Digest".toLowerCase(), contentDigest);
    }

    sign.put("x-ebay-signature-key".toLowerCase(), xEbaySignatureKey);
    sign.put("Signature".toLowerCase(), this.getSignature(headers));
    sign.put("Signature-Input".toLowerCase(), this.generateSignatureInput(contentDigest));
    return (Map)mapper.convertValue(sign, new TypeReference<HashMap<String, String>>() {
    });
}

/**
 * Generate Signature Input header
 *
 * @param contentDigest content digest
 * @return signatureInputHeader signature key header
 */
public String generateSignatureInput(String contentDigest) {
    return "sig1=" + signatureService.getSignatureInput(contentDigest, signatureConfig.getSignatureParams());
}

/**
 * Generate Signature Input header
 *
 * @param contentDigest content digest
 * @param signatureParams signature params
 * @return signatureInputHeader
 */
public String getSignatureInput(String contentDigest, List<String> signatureParams) {
    StringBuilder signatureInputBuf = new StringBuilder();
    signatureInputBuf.append("(");

    for (int i = 0; i < signatureParams.size(); i++) {
        String param = signatureParams.get(i);
        // Skip content-digest when there is no digest (e.g. a request without a body).
        if (param.equalsIgnoreCase(Constants.CONTENT_DIGEST) && contentDigest == null) {
            continue;
        }
        signatureInputBuf.append("\"");
        signatureInputBuf.append(param);
        signatureInputBuf.append("\"");
        if (i < signatureParams.size() - 1) {
            signatureInputBuf.append(" ");
        }
    }

    signatureInputBuf.append(");created=");
    signatureInputBuf.append(Instant.now().getEpochSecond());
    return signatureInputBuf.toString();
}
```
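
An added example (not part of the issue and not eBay's SDK code) for one thing worth checking when a signed request with query parameters is rejected: RFC 9421 defines `@path` as the path component without the query string, and any byte difference in the signature base invalidates the signature. It compares the substring-derived path from `getSignHeaderMap` above with the path from `java.net.URI` for the request URL in the issue; the JWE value and `created` timestamp are constructed placeholders, and that eBay's verifier rebuilds the base this way is an assumption.

```java
import java.net.URI;
import java.util.Locale;

public class SignatureBaseCheck {
    // Same substring logic as getSignHeaderMap in the issue: everything after the authority.
    static String pathBySubstring(String url) {
        String temp = url.substring(url.indexOf("://") + 3);
        String authority = temp.substring(0, temp.indexOf("/"));
        return url.substring(url.indexOf(authority) + authority.length());
    }

    // RFC 9421 "@path": the path component only; the query string is covered by "@query".
    static String pathByUri(String url) {
        String path = URI.create(url).getRawPath();
        return (path == null || path.isEmpty()) ? "/" : path;
    }

    // Signature base for the components listed in the issue's signature-input header.
    static String signatureBase(String method, String url, String path, String jwe, long created) {
        String authority = URI.create(url).getRawAuthority().toLowerCase(Locale.ROOT);
        String params = "(\"x-ebay-signature-key\" \"@method\" \"@path\" \"@authority\");created=" + created;
        return "\"x-ebay-signature-key\": " + jwe + "\n"
                + "\"@method\": " + method + "\n"
                + "\"@path\": " + path + "\n"
                + "\"@authority\": " + authority + "\n"
                + "\"@signature-params\": " + params;
    }

    public static void main(String[] args) {
        // Request URL from the issue; the JWE and timestamp are constructed placeholders.
        String url = "https://apiz.ebay.com/sell/finances/v1/payout"
                + "?filter=lastAttemptedPayoutDate%3A%5B2023-09-16T15%3A31%3A45.000Z"
                + "..2023-09-18T16%3A56%3A49.237Z%5D&limit=20&offset=0";
        String jwe = "<jwe-placeholder>";
        long created = 1695000000L;

        String clientBase = signatureBase("GET", url, pathBySubstring(url), jwe, created);
        String rfcBase = signatureBase("GET", url, pathByUri(url), jwe, created);

        System.out.println("substring @path: " + pathBySubstring(url));
        System.out.println("URI @path:       " + pathByUri(url));
        System.out.println("bases identical: " + clientBase.equals(rfcBase));
        System.out.println("--- base a verifier following RFC 9421 would rebuild ---");
        System.out.println(rfcBase);
    }
}
```

Logging the exact signature base on the client side and comparing it line by line with the components of the request actually sent is the quickest way to locate this kind of mismatch.
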
@canyan-ai
Author

@uherberg Hello, I encountered the problem of an incorrect signature when using the GetAccount interface. I need your help. First of all, we want to know which part of the payload content of the SOAPMessage should be signed when using the webservice method to request the interface, and secondly, does this part of the data need to be processed after it is taken out before participating in the signature? Thank you!

@rohit-lingayat-sd

Hey @canyan-ai, did you find any solution for this? I am also facing the same issue. I created a digital signature correctly and also tried a different way to do that, but no luck.
