Sinch with PHP getting Invalid Signature error

676 views Asked by At

I am trying to test the Sinch SMS API using Lumen and GuzzleHttp but I am getting "Invalid Signature" error. I already followed the pseudocode, here's a sample of my code:

$body = array('message' => 'sample message');
$contentMD5 = base64_encode(md5(utf8_encode(json_encode($body)), true));
$strToSign = "POST\n" .
    $contentMD5 . "\n" .
    "application/json\n" .
    "x-timestamp:2016-12-21T00:30:31.27Z\n" .
    "/v1/sms/+123456789";
$signature = base64_encode(hash_hmac('sha256', base64_decode($this->API_SECRET, true), utf8_encode($strToSign)));

Then when I send the request here's my attached headers:

$headers = array(
  'Accept' => 'application/json',
  'Content-Type' => 'application/json',
  'X-Timestamp' => '2016-12-21T00:30:31.27Z',
  'Authorization' => "Application $this->API_KEY:" . $signature
);

Assuming that my x-timestamp are correct, what am I doing wrong here? Hope you can help me. Thanks in advance!

1

There are 1 answers

3
cjensen On

Dont base64 encode

$contentMD5 = base64_encode(md5(utf8_encode(json_encode($body)), true));

just md5 it, then base64 encode everything