Skip to content

4. Signing a RestSharp request

Wesley Donker edited this page Feb 2, 2017 · 5 revisions

The following tutorial explains how to sign an HTTP request that is sent using RestSharp.

You will need the Donker.Hmac and Donker.Hmac.RestSharp assemblies for this. Obviously, you'll need RestSharp as well.

Table of contents

  1. About
  2. Creating the signer
  3. Creating the authenticator
  4. Sending a request

1. About

With RestSharp, you can set an authenticator for an IRes__tClient instance by setting it's Authentic__ator property. This property accepts any object as long as it implements RestSharp's IAuthen__ticator interface. When you send a request, RestSharp will pass it through the authenticator before sending it, allowing you to perform any necessary authentication steps for the request. The Donker.Hmac.RestSharp assembly contains an implementation of this authenticator.

2. Creating the signer

Before you can create an authenticator, you will need a configuration and signer. See the Signing a request page for more information, as we will use the same configuration and key repository specified there. We'll use a different signer though. The authenticator that we'll create requires an IRestSharpHmacSigner instance. This interface also implements the IHmacSigner interface.

IRestSharpHmacSigner signer = new RestSharpHmacSigner(configuration, keyRepository);

3. Creating the authenticator

With a configuration and signer, we can create the authenticator and set it for the client.

IRestClient restClient = new RestClient("http://www.example-base-url.com");

...

restClient.Authenticator = new HmacAuthenticator(configuration, signer);

That's all there is to it.

4. Sending a request

When you send a request, there are a few things to keep in mind.

The following RestSharp parameters need to be added BEFORE executing the request and may only be present once:

  • The custom username header, if required;
  • The body (if there is one);
  • The Content-Type header (only if there is a body, RestSharp should do this automatically if a body and handler is set). The Content-Type is extracted from the body parameter (the Parameter.Name property to be precise), NOT from a header parameter.

The following parameters are created and added by the authenticator if they were not already included:

  • The Date header (only if a maximum request age is configured);
  • The Content-MD5 header (only if configured and a body is present, the client's encoding is used for string conversion if possible, otherwise UTF-8 is used).

The following parameters should NOT be added before executing the request because they are overwritten by the authenticator anyway:

  • The Authorization header.

Also, keep in mind that when signing additional canonicalized headers, some will possibly not be available for signing, which may cause validation to fail. This is because RestSharps itself adds some headers after authentication and immediately before sending the request (the User-Agent header for example).

The authenticator will search for the required signature data in both the IRestRequest and IRestClient.

See the example below for setting up a request and sending it.

restClient.AddHandler("application/json", new JsonDeserializer());
restClient.AddDefaultHeader("X-Custom-Header", "Knock knock...");

IRestRequest request = new RestRequest("example", Method.POST);
request.RequestFormat = DataFormat.Json;
request.AddHeader(configuration.UserHeaderName, "John Doe");
request.AddBody(new { Value = "some text" });

IRestResponse response = client.Execute(postRequest);

Clone this wiki locally