
[Solved] Making POST Requests with the remote API

Discussion in 'Modding' started by TopHatTim, Feb 3, 2019.

  1. TopHatTim Trainee Engineer

    Messages:
    15
    I'm trying to send chat messages using the route:
    http://<server_ip>:<server_port>/vrageremote/v1/session/gamechat

    I can't figure out how the authentication works, so I just get a 403 forbidden error.

    Any clues? :)

    Edit: Perhaps I should rephrase - there is no information about how to use the API key as authorisation or how to create a user (or use the default admin user?) as auth if that's what is required.
    Edit 2: Solved below in 3rd comment
     
    Last edited: Feb 9, 2019
  2. CptTwinkie ME Asst. Producer Staff

    Messages:
    4,441
    403 means you don't have access to it with the credentials provided.
    Either you haven't been granted access or you have been authenticated as an anonymous user.

    Basically, you need to be an authenticated user before you access gamechat. You cannot send http get to gamechat and authorize after.
     
  3. TopHatTim Trainee Engineer

    Messages:
    15
    I have tried sending the request with the authorisation set to the API key. I have full access to the server to set up any access I need, I just don't understand how to send the authentication in the right format, I think.
    I just want to have the same functionality as in the remote client but through an HTTP request instead of the tool.
     
  4. TopHatTim Trainee Engineer

    Messages:
    15
    I did manage to figure this out with help from Deepflame.

    The authorization uses a message made up of the API route you are requesting, a nonce (random integer) and the date you make the request. This message is then encrypted using HMAC SHA-1 and the remote API key decoded from base64 into a buffer as the key. Then we get our authorization hash by encoding this in base64. We then use this information in the authorization header in the format "Authorization: <NONCE>:<HASH>"

    Also have to include the Date header with the same date value used in the authorization message.

    Here's my test code (NodeJS) which allows me to send the message "api test" to the server.

    Code:
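    	// Imports the snippet needs: Node's built-in crypto, plus moment and node-fetch (v2, CommonJS) from npm
    	const crypto = require('crypto');
    	const moment = require('moment');
    	const fetch = require('node-fetch');
    
    	// Build a random numeric nonce of the given length
    	let nonce = function(length) {
    		var text = "";
    		var possible = "0123456789";
    		for(let i = 0; i < length; i++) {
    			text += possible.charAt(Math.floor(Math.random() * possible.length));
    		}
    		return text;
    	}
    
    	// The string is labelled GMT, so take the current time in UTC rather than local time
    	const today = moment.utc();
    	const date = `${today.format('ddd, DD MMM YYYY HH:mm:ss')} GMT`
    	const myNonce = nonce(9)
    	// Signed message: route, nonce and date, each terminated by CRLF
    	const message = (`/vrageremote/v1/session/gamechat\r\n${myNonce}\r\n${date}\r\n`)
    	// The remote API key is base64; decode it to raw bytes before using it as the HMAC key
    	const key = Buffer.from(process.env.MEDIEVAL_API_KEY, 'base64')
    	const hash = crypto.createHmac('sha1', key).update(message).digest('base64')
    
    	const data = JSON.stringify({
    		'RecipientIdentityId': null,
    		'Message': 'api test'
    	})
    
    	fetch(`http://${process.env.MEDIEVAL_DS_ADDRESS}:${process.env.MEDIEVAL_API_PORT}/vrageremote/v1/session/gamechat`, {
    		method: 'POST',
    		body: data,
    		headers: {
    			// Must be the same date value that was used in the signed message
    			'Date': date,
    			'Authorization': `${myNonce}:${hash}`,
    			'Accept': 'application/json',
    			'Content-Type': 'application/json'
    		}
    	})
    	.then(res => console.log(res))
    	.catch(err => console.error(err))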
    
     
    Last edited: Feb 13, 2019
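Added example, not part of the original thread and not Keen Software House code: the signing step from the post above next to the checks a receiver of such a header would typically make (time window, constant-time HMAC comparison, single-use nonce). The `verify` function, its five-minute window, the result strings and the demo key and date are assumptions constructed for illustration; only the route, the message layout and the header format come from the post.

```javascript
const crypto = require('crypto');

const ROUTE = '/vrageremote/v1/session/gamechat'; // route from the post

// Nonce from the OS CSPRNG instead of Math.random(); 9 digits as in the post.
function makeNonce() {
  return crypto.randomInt(0, 1e9).toString().padStart(9, '0');
}

// HMAC-SHA1 over "<route>\r\n<nonce>\r\n<date>\r\n", keyed with the base64-decoded API key.
function sign(route, nonce, date, keyB64) {
  const key = Buffer.from(keyB64, 'base64');
  return crypto.createHmac('sha1', key)
    .update(`${route}\r\n${nonce}\r\n${date}\r\n`)
    .digest('base64');
}

// Assumed receiver-side checks (hypothetical; not the dedicated server's code).
function verify(req, keyB64, seenNonces, now = Date.now(), maxSkewMs = 5 * 60 * 1000) {
  const auth = req.headers.authorization || '';
  const sep = auth.indexOf(':');
  if (sep < 1) return 'malformed';
  const nonce = auth.slice(0, sep);
  const date = req.headers.date;
  const ts = Date.parse(date);
  // Reject missing or out-of-window dates so a captured header cannot be reused later.
  if (Number.isNaN(ts) || Math.abs(now - ts) > maxSkewMs) return 'stale';
  const presented = Buffer.from(auth.slice(sep + 1), 'base64');
  const expected = Buffer.from(sign(req.route, nonce, date, keyB64), 'base64');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (presented.length !== expected.length ||
      !crypto.timingSafeEqual(presented, expected)) return 'bad-signature';
  // Within the time window, each nonce is accepted once.
  if (seenNonces.has(nonce)) return 'replay';
  seenNonces.add(nonce);
  return 'ok';
}

// Constructed sample values: demo key and fixed date, no network access.
const DEMO_KEY = Buffer.from('constructed-demo-key').toString('base64');
const DEMO_DATE = 'Sat, 09 Feb 2019 12:00:00 GMT';
function demo() {
  const seen = new Set();
  const now = Date.parse(DEMO_DATE) + 1000;
  const nonce = makeNonce();
  const authorization = `${nonce}:${sign(ROUTE, nonce, DEMO_DATE, DEMO_KEY)}`;
  const req = { route: ROUTE, headers: { date: DEMO_DATE, authorization } };
  // The same request presented twice: accepted once, then flagged as a replay.
  return [verify(req, DEMO_KEY, seen, now), verify(req, DEMO_KEY, seen, now)];
}
console.log(demo());
```

The signed message in the post covers the route, nonce and date only, so the JSON body is not bound to the signature.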