Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2296
Views
0
Helpful
3
Replies

Invalid signature in request credentials Admin API

ssrinidhi
Level 1
Level 1

‎08-30-2022 03:54 AM

I am trying to get logs using admin API. I generated the HMAC signature using the python code from the Cisco documentation.

import base64, email.utils, hmac, hashlib, urllib

def sign(method, host, path, params, skey, ikey):
“”"
Return HTTP Basic Authentication (“Authorization” and “Date”) headers.
method, host, path: strings from request
params: dict of request parameters
skey: secret key
ikey: integration key
“”"

# create canonical string
now = email.utils.formatdate()
canon = [now, method.upper(), host.lower(), path]
args = []
for key in sorted(params.keys()):
    val = params[key].encode("utf-8")
    args.append(
        '%s=%s' % (urllib.parse.
                   quote(key, '~'), urllib.parse.quote(val, '~')))
canon.append('&'.join(args))
canon = '\n'.join(canon)

# sign canonical string
sig = hmac.new(bytes(skey, encoding='utf-8'),
               bytes(canon, encoding='utf-8'),
               hashlib.sha1)
auth = '%s:%s' % (ikey, sig.hexdigest())

# return headers
return {'Date': now, 'Authorization': 'Basic %s' % base64.b64encode(bytes(auth, encoding="utf-8")).decode()}

and tried to hit the endpoint using postman
URL = https://■■■■■■■■■■■■■■■■■■■■■■■■■■■■/admin/v1/logs/administrator
headers =
Authorization: Basic xxx
Date : Tue, 30 Aug 2022 10:17:16 -0000
Content-Type : application/x-www-form-urlencoded

Still I am getting 40103

{
“code”: 40103,
“message”: “Invalid signature in request credentials”,
“stat”: “FAIL”
}

Please let me know what I am missing here.

Thanks!

Labels:
0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎08-30-2022 06:44 AM

If you want to use Postman, another community member posted an example pre-request script to handle the authorization on the fly for each request here: Preauth API failing but check and ping are good - #11 by xrave. See if that helps you out.

If you actually just want to use Python to access Duo APIs, take a look at our Python API client at GitHub - duosecurity/duo_client_python: Python library for interacting with the Duo Auth, Admin, and Accounts APIs.

Duo, not DUO.
0 Helpful

ssrinidhi
Level 1
Level 1

‎08-31-2022 09:17 PM

Hi Thanks!!

I tried with postman pre-request script, but still I get the same error.
“Invalid signature in request credentials”

2X_9_942f34811f6bee6efb9620bfd2e9105248b89b5f.png

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to ssrinidhi

‎09-01-2022 11:58 AM

Ah, well, you can’t hardcode the timestamp. Note the lines preceding the var timestamp line saying to uncomment them out to get the actual timestamp of the request.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents