rapihttrwsse

How to use httr correctly for X-WSSE Authentification?

I´m trying to connect to the API of emarsys. They use X-WSSE as authentification method and i´m stuck and need to figure out what i am doing wrong. I tried to make the header as requested, but i don´t know where it went wrong. I´m very thankful for your comments!

install.packages("httr")
install.packages("digest")
library("httr") 
library("digest")

# prepare userdata
username     <- "customer001"
secretkey    <- "supersecretkey"
timestamp    <- format(as.POSIXlt(Sys.time(), "UTC"), "%Y-%m-%dT%H:%M:%SZ")
nonce        <- digest(random(8), length=16)

# passworddigest
pwd       <- paste0(nonce, timestamp, secretkey) 
pwd       <- digest::sha1(pwd, algo="sha1", serialize=FALSE)  
pwd       <- jsonlite::base64_enc(charToRaw(pwd)) 

URL_base     <- "https://api.emarsys.net/api/v2/"
URL_endpoint <- "contact/settings"
URL          <- paste0(URL_base,URL_endpoint)

# create header 
header <- c(paste0('UsernameToken ',
                   'Username="', username, '", ',
                   'PasswordDigest="', pwd,'", ',
                   'Nonce="', nonce, '", ',
                   'Created="', timestamp,'"'))
# name header
names(header) <- 'X-WSSE:'    

# make httr request   
response <- GET(URL, add_headers(.headers = header))
response

The http-header should look like this:

X-WSSE: UsernameToken Username="customer001", PasswordDigest="ZmI2ZmQ0MDIxYmQwNjcxNDkxY2RjNDNiMWExNjFkZA==", Nonce="d36e3162829ed4c89851497a717f", Created="2014-03-20T12:51:45Z"

But i don´t know where i can find out, how the request from my httr-code looks and what i do different. EDIT: "digest::sha1(pwd, algo="sha1", serialize=FALSE)" has to be digest(pwd, algo="sha1", serialize=FALSE). Then it works.

Solution

  • This is kind of a comment but I can't get formatting the way it needs to be there for clarity so here it is. SO pedants can feel free to downvote this if so moved:

    First, add a verbose() parameter to the GET() call to see if what you're passing is what you think it should be. I'm betting the issue is the : in the 'X-WSSEP:' value you are assigning. I also find it much easier to use named parameters to the add_headers() call so perhaps try:

    GET(
  url = URL,
  add_headers(`X-WSSE` = header),
  verbose()
)

    to see if that clears this up or at least gets you a bit further.

    Also: once your issues are solved and you get the access you want, consider making a pkg for the Emarsys API. If you've not made packages before it cld be a ++gd learning experience and either way it may help others.