PHP Extension
PHP Extension
ebay: Add Digital Signature to HTTP Request
See more eBay Examples
Demonstrates how to add a digital signature to an ebay HTTP request.Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
$success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Ebay provides a Key Management API
// See https://developer.ebay.com/api-docs/developer/key-management/overview.html
// The following test keys can be used:
//
// Ed25519
//
// Private Key:
//
// -----BEGIN PRIVATE KEY-----
// MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF
// -----END PRIVATE KEY-----
$strPrivateKey = 'MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF';
//
// Public Key:
//
// -----BEGIN PUBLIC KEY-----
// MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=
// -----END PUBLIC KEY-----
$strPublicKey = 'MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=';
// This example assumes you got a JWE for your given private key from the Ebay Key Management REST API.
// This JWE is just for example:
$strJwe = 'eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw';
$sbBody = new CkStringBuilder();
$sbBody->Append('{\'hello\': \'world\'}');
print 'Body of request:' . "\n";
print $sbBody->getAsString() . "\n";
// -------------------------------------------------
// Build the signature base string...
$sbSigBase = new CkStringBuilder();
$sbSigBase->Append('\'content-digest\': sha-256=:');
$sbSigBase->Append($sbBody->getHash('sha256','base64','utf-8'));
$sbSigBase->Append(':\n');
$sbSigBase->Append('\'x-ebay-signature-key\': ');
$sbSigBase->Append($strJwe);
$sbSigBase->Append('\n');
$sbSigBase->Append('\'@method\': POST\n');
// This is the path part of the URL without query params...
$sbSigBase->Append('\'@path\': ');
$sbSigBase->Append('/verifysignature');
$sbSigBase->Append('\n');
// The is the domain, such as "api.ebay.com" w/ port if the port is something unusual.
// In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
// Normally, I think it would just be "api.ebay.com" instead of "localhost:8080".
$sbSigBase->Append('\'@authority\': ');
$sbSigBase->Append('localhost:8080');
$sbSigBase->Append('\n');
$sbSigBase->Append('\'@signature-params\': ');
$sbSigInput = new CkStringBuilder();
$sbSigInput->Append('(\'content-digest\' \'x-ebay-signature-key\' \'@method\' \'@path\' \'@authority\')');
$sbSigInput->Append(';created=');
$dt = new CkDateTime();
$dt->SetFromCurrentSystemTime();
$unixTimeNow = $dt->getAsUnixTimeStr(false);
$sbSigInput->Append($unixTimeNow);
$sbSigBase->AppendSb($sbSigInput);
// -------------------------------------------------
// Sign the signature base string using the Ed25519 private key
$bdPrivKey = new CkBinData();
$bdPrivKey->AppendEncoded($strPrivateKey,'base64');
$privKey = new CkPrivateKey();
$success = $privKey->LoadAnyFormat($bdPrivKey,'');
if ($success == false) {
print $privKey->lastErrorText() . "\n";
exit;
}
$bdToBeSigned = new CkBinData();
$bdToBeSigned->AppendSb($sbSigBase,'utf-8');
$eddsa = new CkEdDSA();
$sigBase64 = $eddsa->signBdENC($bdToBeSigned,'base64',$privKey);
if ($eddsa->get_LastMethodSuccess() == false) {
print $eddsa->lastErrorText() . "\n";
exit;
}
print 'sigBase64:' . "\n";
print $sigBase64 . "\n";
// ----------------------------------------------------------
// Send the JSON POST
$http = new CkHttp();
$http->SetRequestHeader('x-ebay-signature-key',$strJwe);
$sbContentDigestHdr = new CkStringBuilder();
$sbContentDigestHdr->Append('sha-256=:');
$sbContentDigestHdr->Append($sbBody->getHash('sha256','base64','utf-8'));
$sbContentDigestHdr->Append(':');
$http->SetRequestHeader('Content-Digest',$sbContentDigestHdr->getAsString());
$sbSigHdr = new CkStringBuilder();
$sbSigHdr->Append('sig1=:');
$sbSigHdr->Append($sigBase64);
$sbSigHdr->Append(':');
$http->SetRequestHeader('Signature',$sbSigHdr->getAsString());
$sbSigInput->Prepend('sig1=');
$http->SetRequestHeader('Signature-Input',$sbSigInput->getAsString());
// Add this header to make eBay actually check the signature.
$http->SetRequestHeader('x-ebay-enforce-signature','true');
// Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header.
$http->put_AuthToken('your_oauth2_access_token');
// The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature"
// Normally, you'll send your POST to some api.ebay.com endpoint.
$url = 'http://localhost:8080/verifysignature';
$jsonStr = $sbBody->getAsString();
$resp = new CkHttpResponse();
$success = $http->HttpStr('POST','http://localhost:8080/verifysignature',$jsonStr,'utf-8','application/json',$resp);
if ($success == false) {
print $http->lastErrorText() . "\n";
exit;
}
print 'Response status code: ' . $resp->get_StatusCode() . "\n";
print 'Response body:' . "\n";
print $resp->bodyStr() . "\n";
?>