我想向授权API发出HTTP请求。因此,我必须在HTTP请求中使用签名。现在,API文档为我提供了如何使用示例代码进行调用的信息。除此之外,它还提供了标题。
这是API的示例代码:
API提供者对cURL请求的示例
curl -X POST --cert yourTLSCertPath/tls.cert --key yourTLSKeyPath/tls.key
-H Date: $reqDate
-H Digest: SHA-256=2ajR8Q+lBNm0eQW9DWWX8dZDZLB8+h0Rgmu0UCDdFrw=
-H Authorization: Signature keyId=$clientId,algorithm="rsa-sha256",headers="(request-target) date digest x-ing-reqid",signature=$signature
-H Content-Type: application/x-www-form-urlencoded
-d grant_type=client_credentials&scope=greetings%3Aview
https://api.ing.com/oauth2/token
我的代码:
var key = fs.readFileSync(path.resolve('./backend/ssl/ING/example_client_tls.key'));
var cert = fs.readFileSync(path.resolve('./backend/ssl/ING/example_client_tls.cer'));
var key2 = fs.readFileSync(path.resolve('./backend/ssl/ING/example_client_signing.key'));
var cert2 = fs.readFileSync(path.resolve('./backend/ssl/ING/example_client_signing.cer'));
var options = {
url: 'https://api.ing.com/oauth2/token',
method: 'POST',
agentOptions: {
host: 'api.ing.com',
cert: cert,
key: key
},
headers: {
'request-target': 'post /oauth2/token',
'content-type': 'application/x-www-form-urlencoded',
digest: 'SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
}
};
var req = request(options, function(req, res, next) {
console.log(res.statusCode);
});
httpSignature.sign(req, {
key: key,
keyId: 'SN=8296291D8E4661EF,CN=example_client_signing,OU=IT Department,O=Sample Org',
algorithm: 'rsa-sha256',
headers: (['(request-target)', 'date', 'digest']),
signature: key2
});
req.end();
我得到的答复是401(未经授权)。所以我在这里犯了一个错误。 有人可以帮我改正我的代码吗?