how to sign request in php with jwt with 3rd party rest api

Question

I'm writing a code to authenticate or connect JWT rest API, but I'm unable to connect with that, I've prepared all the code, but it's still unsuccessful, I don't know what's the issue with it.

I've generated the JWT token already. I don't know what exactly the issue is.

Here's the error I'm getting:

Client error: POST https://apisandbox.swissmoney.com/api/integration/v1/company-profiles resulted in a 401 Unauthorized response

Here is the code I created:

function sendApiRequest($method, $uri, $data) {
    // Define your API base URL
    $baseUrl = 'https://apisandbox.swissmoney.com';

    // Define the API secret key
    $apiSecretKey = file_get_contents('file:///home/cidrqqhe/cidrus_money_private.key'); // Replace with your actual secret key

    // Generate a nonce (unique number or string)
    $nonce = uniqid();

    // Get the current UNIX timestamp
    $timestamp = time();

    // Define the JWT payload
    $jwtPayload = [
        'target' => $method . ' ' . $uri,
        'nonce' => $nonce,
        'nbf' => $timestamp,
        'exp' => $timestamp + 30, // Adjust the expiration time as needed
        'sub' => 'xxxx-xx-xxxx-xxxx-b2d4d5190967', // Replace with your API Key
        'aud' => $baseUrl,
        'bodyHash' => base64_encode(hash('sha256', json_encode($data))),
    ];

    // Encode the JWT payload
    $jwtHeader = [
        'alg' => 'RS256',
        'typ' => 'JWT',
    ];

    // Encode the JWT header
    $encodedJwtHeader = base64_encode(json_encode($jwtHeader));
    
    $encodedJwtPayload = base64_encode(json_encode($jwtPayload));

    // Create the JWT signature
    $signature = '';
    
    openssl_sign($encodedJwtHeader . '.' . $encodedJwtPayload, $signature, openssl_pkey_get_private($apiSecretKey));

    // Encode the JWT signature
    $encodedSignature = base64_encode($signature);

    // Create the Authorization header
    $authorizationHeader = 'Bearer ' . $encodedJwtHeader . '.' . $encodedJwtPayload . '.' . $encodedSignature;

    // Create the request headers
    $headers = [
        'X-API-Key' => 'xxxx-xx-xxxx-xxxx-b2d4d5190967', // Replace with your API Key
        'Authorization' => $authorizationHeader,
        'Content-Type' => 'application/json',
    ];

    // Create a Guzzle client
    $client = new Client();

    // Send the API request
    $response = $client->request($method, $baseUrl . $uri, [
        'headers' => $headers,
        'json' => $data,
    ]);

    // Handle the API response as needed
    return $response->getBody()->getContents();
    
}

check and make sure your API params are correctly added. `401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.` — Mr. Kenneth, Aug 23 '23 at 08:21
source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401 — Mr. Kenneth, Aug 23 '23 at 08:22
i'm sending the request in correct order or not? headers, payload are correct or not? — Abdul Qadeer, Aug 23 '23 at 08:29
I am not sure. Did not use this API service. Like I said earlier, did you check that the `params` of your API are correct? — Mr. Kenneth, Aug 23 '23 at 08:32
@Mr.Kenneth do you have an example or sample code similar to my code? — Abdul Qadeer, Aug 23 '23 at 09:34
Without knowing what the API expects, it is difficult to know what the correct code would be. Can you provide a link to the API documentation? — ADyson, Aug 23 '23 at 09:58
Hello, @ADyson this is the api documentation link. https://apisandbox.swissmoney.com/integration-api-docs/index.html#/ — Abdul Qadeer, Aug 24 '23 at 18:02
You haven't told us which of those URIs and methods specifically you are trying to call — ADyson, Aug 25 '23 at 08:45
Also as far as I can see that documentation says nothing about how to authenticate to the API or what headers to include. Is there another page which describes that? — ADyson, Aug 25 '23 at 08:46
If you have instructions to share, paste them into the question, or at least provide a link. You can [edit] your question anytime you like. — ADyson, Aug 25 '23 at 09:48
check out this please, i've posted complete details there. https://stackoverflow.com/questions/76974364/how-to-sign-request-in-php-with-jwt-by-following-the-instructions-below — Abdul Qadeer, Aug 25 '23 at 09:48
@ADyson please check this. https://stackoverflow.com/questions/76974364/how-to-sign-request-in-php-with-jwt-by-following-the-instructions-below and help me out. — Abdul Qadeer, Aug 25 '23 at 09:50

how to sign request in php with jwt with 3rd party rest api

0 Answers0