4. Signing a RestSharp request - DonkerNET/hmac GitHub Wiki
The following tutorial explains how to sign an HTTP request that is sent using RestSharp.
You will need the Donker.Hmac and Donker.Hmac.RestSharp assemblies for this. Obviously, you'll need RestSharp as well.
Table of contents
1. About
With RestSharp, you can set an authenticator for an IRestClient instance by setting it's Authenticator property. This property accepts any type of object as long as it implements RestSharp's IAuthenticator interface. When you send a request, RestSharp will pass it through the authenticator before sending it, allowing you to perform any necessary authentication steps for the request. The Donker.Hmac.RestSharp assembly contains an implementation of this authenticator.
2. Creating the signer
Before you can create an authenticator, you will need a configuration and signer. See the Signing a request page for more information, as we will use the same configuration and key repository specified there. We'll use a different signer though. The authenticator that we'll create requires an IRestSharpHmacSigner instance. This interface also implements the IHmacSigner interface.
IRestSharpHmacSigner signer = new RestSharpHmacSigner(configuration, keyRepository);
3. Creating the authenticator
With a configuration and signer, we can create the authenticator and set it for the client.
IRestClient restClient = new RestClient("http://www.example-base-url.com");
...
restClient.Authenticator = new HmacAuthenticator(configuration, signer);
That's all there is to it.
4. Sending a request
When you send a request, there are a few things to keep in mind.
The following RestSharp parameters need to be added BEFORE executing the request and may only be present once:
- The custom username header, if required;
- The body (if there is one);
- The Content-Type header (only if there is a body, RestSharp should do this automatically if a body and handler is set). The Content-Type is extracted from the body parameter (the Parameter.Name property to be precise), NOT from a header parameter.
The following parameters are created and added by the authenticator if they were not already included:
- The Date header (only if a maximum request age is configured);
- The Content-MD5 header (only if configured and a body is present, the client's encoding is used for string conversion if possible, otherwise UTF-8 is used).
The following parameters should NOT be added before executing the request because they are overwritten by the authenticator anyway:
- The Authorization header.
Also, keep in mind that when signing additional canonicalized headers, some will possibly not be available for signing, which may cause validation to fail. This is because RestSharps itself adds some headers after authentication and immediately before sending the request (the User-Agent header for example).
The authenticator will search for the required signature data in both the IRestRequest and IRestClient.
See the example below for setting up a request and sending it.
restClient.AddHandler("application/json", new JsonDeserializer());
restClient.AddDefaultHeader("X-Custom-Header", "Knock knock...");
IRestRequest request = new RestRequest("example", Method.POST);
request.RequestFormat = DataFormat.Json;
request.AddHeader(configuration.UserHeaderName, "John Doe");
request.AddBody(new { Value = "some text" });
IRestResponse response = client.Execute(request);