I am trying to make a call to accounts.notifylogin (Gigya API) from Postman but getting 403003 error

Question

The API request I am calling from Postman is

https://accounts.eu1.gigya.com/accounts.notifyLogin?UIDSig=[dummy_UIDSig]&UIDTimestamp=1608199002&UID=2e607bf09ce12874a909c5c1513fa437&apiKey=[API_of_the_site]&siteUID=[site_uid]

for me, the issue seems to be in UIDSig (not sure how to create it),

and getting bellow response

{
  "callId": "c1f16c61f09d4be5962c2ab046396cbf",
  "errorCode": 403003,
  "errorDetails": "invalid request signature",
  "errorMessage": "Invalid request signature",
  "apiVersion": 2,
  "statusCode": 403,
  "statusReason": "Forbidden",
  "time": "2020-12-17T10:21:00.966Z"
}

Many Thanks.

Answer 1

You only pass UID Signature when on a mobile device, otherwise you pass providerSessions - which is the data you received from the social network. For generating a signature, it would require something similar to this (and should only EVER be done on the server, as it requires using your secret key):

string constructSignature(string timestamp, string UID, string secretKey) {
    baseString = timestamp + "_" + UID;                         // Construct a "base string" for signing
    binaryBaseString = ConvertUTF8ToBytes(baseString);          // Convert the base string into a binary array
    binaryKey = ConvertFromBase64ToBytes(secretKey);            // Convert secretKey from BASE64 to a binary array
    binarySignature = hmacsha1(binaryKey, binaryBaseString);    // Use the HMAC-SHA1 algorithm to calculate the signature
    signature = ConvertToBase64(binarySignature);               // Convert the signature to a BASE64
    return signature;
}