Creating a Signature

The HERE Authentication and Authorization API requires that you sign your requests using the signing process described in the OAuth Core 1.0 specification. Use either the AAA Java SDK or any third-party library that conforms to the OAuth 1.0 specification with “HMAC-SHA256” as the signature method.

Note: You must create a new signature for each token request to the Authentication and Authorization API. Signatures can only be used once.

Create OAuth1.0 Signature

The first step in creating a signature is to create the signature base string. This string contains the parameters to use when generating the signature.

  1. To begin, make sure you have the information listed in the table above.

  2. Combine these values into a single string by following these steps:

    1. URL encode every key and value.
    2. Sort the list of key-value pairs alphabetically by key.
    3. Concatenate each key/value pair, separating each with an ampersand character ("&"). The result is a parameter string that looks like this (line breaks are added for legibility):

  3. Combine the HTTP method, base URL, and parameter string into a single string called the "base string". This will be the string from which the signature is generated. The base string is in this format:

The base string consists of:

1. The HTTP method in caps \(POST\) followed by an ampersand \("&"\).
2. The URL of the HERE token service followed by an ampersand \("&"\).
3. The URL-encoded parameter string.
For example \(line breaks are added for legibility\):

**Note:** The URL-encoded base string should contain exactly two ampersands \("&"\).

Create the Signing Key


Create the Signature

Create the signature by passing the signature base string and signing key to the HMAC-SHA256 hashing algorithm and converting the result to a base64 string.

results matching ""

    No results matching ""