I am using duo security. But When I want to call using duo api, it shows Invalid signature in request credentials. Here is the error:
{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}
Here is my code..
public class DuoAdminAPIClient {
public static void main(String[] args) {
// Replace with your Duo Admin API credentials
String integrationKey = "DI7ABPU9TUJQO14RET9Q";
String secretKey = "YzDs7ZeQGMllravxDQxcn4jNAwyqF42P1XBDdGd2";
String apiHostname = "api-d221a358.duosecurity.com";
// Create an HttpClient instance
HttpClient httpClient = HttpClients.createDefault();
try {
// Define the user's attributes
String username = "enamul_haque001";
String userFirstName = "Enamul";
String userLastName = "Haque";
// Construct the request body JSON
String createUserRequestBody = String.format(
"{\"username\": \"%s\", \"first_name\": \"%s\", \"last_name\": \"%s\"}",
username, userFirstName, userLastName
);
// Define the API endpoint
String createUserUrl = "https://" + apiHostname + "/admin/v1/users";
// Generate the API signature
// String timestamp = Long.toString(System.currentTimeMillis() / 1000);
String timestamp = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);
String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;
String signature = generateHmacSha1Signature(sigPayload, secretKey);
// Create the HTTP POST request
HttpPost createUserRequest = new HttpPost(createUserUrl);
createUserRequest.addHeader("Authorization", "Basic " + Base64.encodeBase64String((integrationKey + ":" + signature).getBytes()));
createUserRequest.addHeader("Content-Type", "application/json");
createUserRequest.addHeader("Date", timestamp);
createUserRequest.setEntity(new StringEntity(createUserRequestBody));
// Send the request and get the response
HttpResponse createUserResponse = httpClient.execute(createUserRequest);
HttpEntity createUserEntity = createUserResponse.getEntity();
String createUserResponseString = EntityUtils.toString(createUserEntity);
// Print the response (you can parse it to extract relevant information)
System.out.println("Create User Response: " + createUserResponseString);
} catch (Exception e) {
e.printStackTrace();
}
}
private static String generateHmacSha1Signature(String payload, String secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(keySpec);
byte[] result = mac.doFinal(payload.getBytes());
return Base64.encodeBase64String(result);
}
}
What is the wrong of the code? Please help me