1

I am trying to retrieve device info from Ninja RMM.

Following is pseudogrammar that illustrates the construction of the request Signature taken from: https://resources.ninjarmm.com/PublicApi/0.1.2/NinjaRMM%20Public%20API%20v0.1.2.pdf

Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, Base64( UTF-8-EncodingOf( StringToSign ) ) ) );
StringToSign = HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n" +
CanonicalizedResource;

Following is an authenticated example request

Request

GET /v1/customers HTTP/1.1
Host: api.ninjarmm.com
Date: Sun, 01 May 2016 06:51:10 GMT
Authorization: NJ TF4STGMDR4H7AEXAMPLE:rEZWuXR0X1wX3autLTHIl2zX98I=

StringToSign

GET\n
\n
\n
Sun, 01 May 2016 06:51:10 GMT\n
/v1/customers

This is the equivalent php code I created. it also contains curl php for GET request

<?php
$requestDateTime = gmdate("D, d M Y H:i:s T");
$httpMethod = 'GET';
$contentMD5 = '';
$contentType = '';
$canonicalPath = '/v2/device';
$StringToSign = $httpMethod."\n".$contentMD5."\n".$contentType."\n".$requestDateTime."\n".$canonicalPath;
$encodeURI = encodeURIComponent($StringToSign);
function encodeURIComponent($str) {
    $revert = array('%21'=>'!', '%2A'=>'*', '%27'=>"'", '%28'=>'(', '%29'=>')');
    return strtr(rawurlencode($str), $revert);
}
$unescape = htmlspecialchars(urldecode($encodeURI));
$encodedString = base64_encode($unescape);
$secretAccessKey = "eh14c4ngchhu6283he03j6o7ar2fcuca0example";
$signature = hash_hmac('sha1', $encodedString, $secretAccessKey, false);
$signatureBase64 = base64_encode($signature);
$stringSignature = strval($signatureBase64);
$url = "https://eu-api.ninjarmm.com/v2/device/1";

$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

$headers = array(
   "date: $requestDateTime",
   "Authorization: NJ TF4STGMDR4H7AEXAMPLE:$stringSignature",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
//for debug only!
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

$resp = curl_exec($curl);
curl_close($curl);
var_dump($resp);
?>

I was basically trying to convert this pre-request postman javascript to php: https://bleepingmachines.com/postman-ninja-rmm-api/

However I keep getting the error

"{"error":"invalid_header","error_description":"Invalid 'Authorization' header","error_code":1}"

I am not able to figure out what is causing the error and how do I solve it.

Qunoot K
  • 71
  • 7
  • Trying to find a good link, here try this one: https://stackoverflow.com/questions/2140419/how-do-i-make-a-request-using-http-basic-authentication-with-php-curl Confused by all the encoding/decoding juggling you do before generating the hash – ficuscr Feb 21 '22 at 20:35
  • Hmm, one thing I see is `date:`. That should be `Date:` or you should use `x-nj-date` I beleive. – ficuscr Feb 21 '22 at 20:51
  • Also, `'/v2/device'` should be `'/v2/devices'` – ficuscr Feb 21 '22 at 20:55
  • I made the changes, but the error did not resolve. – Qunoot K Feb 22 '22 at 03:45

0 Answers0