Sending request to REST API using oAuth - fatsecret API

Question

I try to send valid request to REST API which uses oAuth. I keep receiving respond : "Invalid signature". Reference to the API : https://platform.fatsecret.com/api/Default.aspx?screen=rapiauth

Here's steps I do to generate request:

Build Request:

public String buildRequest() {

    ArrayList<String> params = new ArrayList<>(generateParams());
    params.add("oauth_signature=" + sign(buildSignatureBaseString()));

    Collections.sort(params);

    return join(params.toArray(template), "&");
}

Creating Signature Base String:

public String buildSignatureBaseString(){

    StringBuilder builder = new StringBuilder();

    builder.append(METHOD);
    builder.append("&");
    builder.append(percentEncoding(URL));
    builder.append("&");
    builder.append(percentEncoding(join(generateParams().toArray(template), "&")));

    return builder.toString();
}

Generating parameters sorted in natural order:

private ArrayList<String> generateParams() {

    ArrayList<String> params = new ArrayList<>();

    params.add("oauth_consumer_key=" + "...");
    params.add("oauth_signature_method=HMAC-SHA1");
    params.add("oauth_timestamp=" + Long.valueOf(System.currentTimeMillis() / 1000).toString());
    params.add("oauth_nonce=" + getNonce());
    params.add("oauth_version=1.0");
    params.add("format=json");
    params.add("method=foods.search");
    params.add("search_expression=pasta");

    Collections.sort(params);

    return params;
}

Creating Signature Base String:

public String buildSignatureBaseString(){

    StringBuilder builder = new StringBuilder();

    builder.append(METHOD);
    builder.append("&");
    builder.append(percentEncoding(URL));
    builder.append("&");
    builder.append(percentEncoding(join(generateParams().toArray(template), "&")));

    return builder.toString();
}

Generating signature with HMAC-SHA1:

public String sign(String sbs) {

    String key = <SharedSecret> + "&";
    SecretKeySpec sk = new SecretKeySpec(key.getBytes(Charset.forName("UTF-8")), ALGORITHM);
    try {
        Mac m = Mac.getInstance(ALGORITHM);
        m.init(sk);
        byte[] hmacEncoded = m.doFinal(sbs.getBytes(Charset.forName("UTF-8")));
        byte[] base64Encoded = Base64.encode(hmacEncoded, Base64.DEFAULT);
        return Uri.encode(new String(base64Encoded, Charset.forName("UTF-8")));
    } catch (java.security.NoSuchAlgorithmException e) {
        Log.w("FatSecret_TEST FAIL", e.getMessage());
        return null;
    } catch (java.security.InvalidKeyException e) {
        Log.w("FatSecret_TEST FAIL", e.getMessage());
        return null;
    }
}

Could someone more experienced in this matter help?

Regards

Welcome to the Treehouse Community

Looking to learn something new?

Adam Sawicki

Adam Sawicki

Sending request to REST API using oAuth - fatsecret API