HMAC authenticated API calls with multipart/form

We have an existing API where 3rd parties can push data. The API calls are authenticated with HMAC using the same scheme as described in Ruby's ApiAuth library which I use to verify signed requests. We now need to support multipart/form-data file uploads.

I'm attempting to write a bash script as an example API call using cURL. I already have one that works without file uploads (POST request with only JSON data) here.

The part I'm stuck on is generating the $content_md5 for the multipart request. I understand the content of a multipart request has content sections separated by the boundary string, as described here.

Problem 1: cURL generates it's own boundary string and appends it to my content-type header Problem 2: Should I MD5 the entire request body with boundary strings and section headers included?

So basically, I need to be able to know what the boundary string is so that I can generate a string that looks like the content sections and boundaries described in the http multipart format, lines 7 through 23 so that I may MD5 it.

Is there a way to do this with only cURL? Is there a better way to construct such an HMAC signed multipart request?

I was hoping to do it with cURL to present as a generalized example to 3rd party devs that will integrate with our API so they can sign their requests in whatever language they're using.

链接地址: http://www.djcxy.com/p/22218.html

上一篇: 如何以多部分/形式获取文件的实际文件大小

下一篇: 使用multipart / form的HMAC认证API调用