我在尝试通过node.js客户端使用Segments API时面临授权问题。 停止在灌木丛周围,在管理POST请求和通过x-wsse标头授权的部分下方:
var now = new Date();
var options = {
method: "POST",
hostname: "api3.omniture.com",
path: "/admin/1.4/rest/?method=Segments.Get",
json: true,
headers: {
"Content-Type": "application/json",
"Content-Length" : Buffer.byteLength(JSON.stringify(body)),
"x-wsse": 'UsernameToken Username="[username]:[company]", PasswordDigest="xxxxxxxxxxxxxxxxxxxxxxxxxx==", Nonce="yyyyyyyyyyyyyyyyyyyyyyyyyy", Created="'+now+'"'
}
};
如您所见,我尝试复制API Explorer生成的x-wsse,通过Date()JS类动态指定Created时间戳。
节点客户端报告我这个错误:
{"错误":"错误请求"," error_description":"无法验证身份验证。"," error_uri":空}
我认为x-wsse PasswordDigest和Nonce值也会在每次请求时不断变化,而在这里我将它们静态化。 如果这是问题的原因,那么如何在x-wsse头中动态插入这些参数?
非常感谢。
答案 0 :(得分:2)
是的,PasswordDigest和Created值也是动态生成的,因为它们基于您生成的值。我不知道node.js是否足以向您展示node.js示例,但这里有一个php示例,我做了一些评论:
$username='user:company';
$secret='12345'; // api shared secret key for the user
// The nonce should be a universally unique value. I use a timestamp based value and prefix with a namespace to help make it unique, because AA request digests have to be unique across everybody everywhere ever
$nonce = 'FOO_'.dechex(time());
// datetime stamp in ISO 8601 date format (e.g. '2004-02-12T15:19:21+00:00')
$nonce_ts = date('c');
// Adobe expects the PasswordDigest to be a concatenated string value of the nonce, datetimestamp, and api key. They expect it to be hashed (sha1) and then base64 encoded
$digest = base64_encode(sha1($nonce.$nonce_ts.$secret));
$server = "https://api.omniture.com";
$path = "/admin/1.4/rest/";
$rc=new SimpleRestClient();
$rc->setOption(CURLOPT_HTTPHEADER, array("X-WSSE: UsernameToken Username=\"$username\", PasswordDigest=\"$digest\", Nonce=\"$nonce\", Created=\"$nonce_ts\""));