Mimecast API - Hashing HMAC-SHA1 with Key

MoneyMan · August 19, 2024, 9:27am

Describe the problem/error/question

I am trying to authorise against the Mimecast API - https://integrations.mimecast.com/documentation/api-overview/authorization/

It requires the below steps:
To create the signature:

Concatenate the following values: ‘x-mc-date’ + ‘:’ + ‘x-mc-req-id’ + ‘:’ + ‘{uri} + ‘:’ + {application key}’ where {uri} is the actual uri of the endpoint the request is sent to and {application key} is the application key value provided when you registered your application. This creates the Data To Sign.
Use the user’s base64 decoded Secret Key to calculate the hash-based message authentication code (HMAC) of the Data To Sign using the HMAC-SHA1 algorithm.
Base64 encode the result of the signed Data to Sign.
Add an Authorization header to your request containing the following elements:
{realm} {accessKey}:{Base64 encoded signed Data To Sign}

Where:

{realm} is MC
{accessKey} is the user’s Access Key.
{Base64 encoded signed Data To Sign} is the result of the calculation made in step 3.

What is the error message (if any)?

I am currently getting an invalid signature error which I assume is because I am struggling with Step2.

I can’t use the Crypto Node as no SHA1 support so have tried the below:

I have found some similar topics in the community as produced code, I notice however whatever I put in key doesn’t change the MyHash output. Assume I am doing something wrong, any help appreciated.

Please share your workflow

Information on your n8n setup

n8n version: N8N Cloud 1.54

n8n · August 19, 2024, 9:27am

It looks like your topic is missing some important information. Could you provide the following if applicable.

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

BramKn · August 19, 2024, 9:43am

Hi @MoneyMan

Seems like you want to sign something, for this we can use the Crypto node. When signing it does allow to use Sha1

Hope this helps

MoneyMan · August 19, 2024, 10:00am

I did consider this but would I then be providing base64 decoded Secret Key as they private key?

I tried and I get

MoneyMan · August 20, 2024, 8:48am

I have got to this point which I believe is correct, but I still get an invalid signature error back from the API.

automaze.me · August 20, 2024, 12:59pm

An HMAC is different from a simple hash value. It is a way to calculate a signature for a message using a shared secret key.

You will need code along these lines (not tested in n8n as I don’t have example data):

function base64Decode(base64String) {
    return Uint8Array.from(atob(base64String), c => c.charCodeAt(0));
}

function createAuthorizationHeader({ uri, applicationKey, secretKey, accessKey, xMcDate, xMcReqId, realm }) {
    // Concatenate values to create Data To Sign
    const dataToSign = `${xMcDate}:${xMcReqId}:${uri}:${applicationKey}`;

    // Decode the base64 encoded secret key
    const decodedSecretKey = base64Decode(secretKey);

    // Create HMAC-SHA1 hash using the decoded secret key
    const hmac = crypto.createHmac('sha1', decodedSecretKey);

    // Update the HMAC with the Data To Sign
    hmac.update(dataToSign);

    // Base64 encode the result of the signed Data To Sign
    const signedDataToSign = hmac.digest('base64');

    // Create the Authorization header value
    const authorizationHeader = `${realm} ${accessKey}:${signedDataToSign}`;

    return authorizationHeader;
}

system · November 18, 2024, 1:00pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.