Logo Questions Linux Laravel Mysql Ubuntu Git Menu

How to generate oauth_signature intuit ipp QBO API V3

I am having some issues with limitations of the .NET SDK and so would like to issue my own calls to the API and parse the JSON results. I am stuck on creating the authorization header parameter oauth_signature as outlined here.

For this parameter it states: Contains the value generated by running all other request parameters and two secret values through a signing algorithm

  1. Does the "two secret values" refer to the OAuthAccessTokenSecret and the consumerSecret?
  2. Does "all other request parameters" mean just those parameter values? Concatenated?
  3. How do you use 2 secret values in an and HMACSHA1 signing algorithm? All examples I see just use one

What I have so far.

public static string GetOAuthAuthorization(string oauthToken, string oauthSecret, string consumerKey, string consumerSecret)
            string oauth_token = oauthToken;
            string oauth_nonce = Guid.NewGuid().ToString();
            string oauth_consumer_key = consumerKey;
            string oauth_signature_method = "HMAC-SHA1";
            int oauth_timestamp = (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;
            string oauth_version="1.0";

            string dataString = oauth_token + oauth_nonce + oauth_consumer_key + oauth_timestamp;

            //TODO: use following to create oauth_signature
            byte[] hashkey = Encoding.ASCII.GetBytes(oauthSecret);  //is this one of the secret values?
            byte[] data = Encoding.ASCII.GetBytes(dataString);
            HMACSHA1 hmac = new HMACSHA1(hashkey); 
            byte[] result = hmac.ComputeHash(data);

            string oauth_signature=Convert.ToBase64String(result);

            return string.Format("OAuth oauth_token='{0}',oauth_nonce='{1}',oauth_consumer_key='{2}',oauth_signature_method='{3}',oauth_timestamp='{4}',oauth_version='{5}',oauth_signature='{6}'",
                oauth_token, oauth_nonce, oauth_consumer_key, oauth_signature_method,oauth_timestamp,oauth_version, oauth_signature
like image 734
crichavin Avatar asked Nov 10 '22 12:11


1 Answers

Please check the sample app provided by Intuit for V3. This is already implemented. You can set in your keys and debug-


When you had generated an app with IPP, you must have got a consumer key and consumer secret. That is what is being referred in the line you have mentioned.


For other questions, just debug the sample code after setting in your app keys in web.config, you will get the answers.

like image 186
nimisha shrivastava Avatar answered Nov 15 '22 10:11

nimisha shrivastava