HMAC authenticated API calls with multipart/form
We have an existing API where 3rd parties can push data. The API calls are authenticated with HMAC using the same scheme as described in Ruby's ApiAuth library which I use to verify signed requests. We now need to support multipart/form-data file uploads.
I'm attempting to write a bash script as an example API call using cURL. I already have one that works without file uploads (POST request with only JSON data) here.
The part I'm stuck on is generating the $content_md5 for the multipart request. I understand the content of a multipart request has content sections separated by the boundary string, as described here.
Problem 1: cURL generates it's own boundary string and appends it to my content-type header Problem 2: Should I MD5 the entire request body with boundary strings and section headers included?
So basically, I need to be able to know what the boundary string is so that I can generate a string that looks like the content sections and boundaries described in the http multipart format, lines 7 through 23 so that I may MD5 it.
Is there a way to do this with only cURL? Is there a better way to construct such an HMAC signed multipart request?
I was hoping to do it with cURL to present as a generalized example to 3rd party devs that will integrate with our API so they can sign their requests in whatever language they're using.
链接地址: http://www.djcxy.com/p/22218.html上一篇: 如何以多部分/形式获取文件的实际文件大小