The HERE Authentication and Authorization API requires that you sign your requests using the signing process described in the OAuth Core 1.0 specification. Use either the AAA Java SDK or any third-party library that conforms to the OAuth 1.0 specification with “HMAC-SHA256” as the signature method.
Note: You must create a new signature for each token request to the Authentication and Authorization API. Signatures can only be used once.
The first step in creating a signature is to create the signature base string. This string contains the parameters to use when generating the signature.
To begin, make sure you have the information listed in the table above.
Combine these values into a single string by following these steps:
Concatenate each key/value pair, separating each with an ampersand character ("&"). The result is a parameter string that looks like this (line breaks are added for legibility):
grant_type=client_credentials &oauth_consumer_key=access-key-id-1234 &oauth_nonce=LIIpk4 &oauth_signature_method=HMAC-SHA256 &oauth_timestamp=1456945283 &oauth_version=1.0
Combine the HTTP method, base URL, and parameter string into a single string called the "base string". This will be the string from which the signature is generated. The base string is in this format:
The base string consists of: 1. The HTTP method in caps \(POST\) followed by an ampersand \("&"\). 2. The URL of the HERE token service followed by an ampersand \("&"\). 3. The URL-encoded parameter string. For example \(line breaks are added for legibility\): **Note:** The URL-encoded base string should contain exactly two ampersands \("&"\).
Create the signature by passing the signature base string and signing key to the HMAC-SHA256 hashing algorithm and converting the result to a base64 string.