The Authorization Header

PHP function to create authentication header for bypass login process. Here signature element is the RFC 2104 HMAC-SHA1 of selected element and so signature part of authorization will vary from request to request.


function generateTimestamp() {
	date_default_timezone_set('GMT');
	return date("D, d M Y H:i:s e" );
}

function generateHeader($clientSecret, $endpoint, $timestamp, $request) {
	$secret = utf8_encode($clientSecret);
	$string_to_sign = utf8_encode(implode("\n", array(
			$endpoint, 
			$timestamp,
			$request
	)));
	$sha1_hash = hash_hmac("sha1", $string_to_sign, $secret, true);
	return utf8_decode(base64_encode($sha1_hash));
}

$clientID = "##################";
$clientSecret = "##################";
$endpoint = "/api/login";
$request = json_encode(array("key"=>"value"));

$timeStamp = generateTimestamp();
$signature = generateHeader($clientSecret, $endpoint, $timestamp, $request);

Authorization: AWS $clientID:$signature // for AWS
Authorization: RTK $clientID:$signature // for Comscore