I am trying to do a first-step authentication to the PhotoBucket REST API with PHP (no client APIs used). The developer site is down since they are upgrading the service, yet they provided me with an SCID and a Private Key, which I assume are the customer key and customer secret. I have been looking into documentation and other posts with no luck. https://stackoverflow.com/questions/7890518/register-user-by-php-in-photobucket
Here's what I've come up with so far:
//default parameters
$url = "http://api.photobucket.com/login/request";
$parameters = array(
'oauth_consumer_key' => rawurlencode('**key**'),
'oauth_nonce' => rawurlencode(md5(time())),//no md5, "Authentication failed nonce invalid"
'oauth_signature_method' => rawurlencode('HMAC-SHA1'),
'oauth_timestamp' => rawurlencode(time()),
'oauth_version' => rawurlencode('1.0'),
'format' => 'json'
);
//creation of base string and signature
$basestring = rawurlencode("POST") . '&' . rawurlencode($url) . '&' . rawurlencode(http_build_query($parameters));
$sign = base64_encode(hash_hmac("sha1", $basestring, "**secret**" . "&", true));
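$ch = curl_init();
//signed parameters go in the query string, with the signature appended last
curl_setopt($ch, CURLOPT_URL, $url . "?" . http_build_query($parameters) . '&oauth_signature=' . rawurlencode($sign));
curl_setopt($ch, CURLOPT_POST, true);//the base string above is signed for POST
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);//return the response body instead of printing it
$result = curl_exec($ch);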
If I add the parameters as POSTFIELDS I get: 401, Exception Authentication failed timestamp invalid -1366125875 7 xml POST 1366125875
If I add the parameters like in the example (url + ? + parameters + &signature=signature) I get: 401, Exception Authentication failed signature check failed 7 xml POST 1366125970
References: http://pic.photobucket.com/dev_help/WebHelpPublic/Content/Getting%20Started/Consumer%20Authentication.htm
http://feed7.com/ad-202021/Photobucket-Developer-Forum-Code-Examples-and-Libraries
I posted this question as a last resort. However, out of nothing I think I finally figured it out.
1) add the md5() to the time() method to overcome "Authentication failed nonce invalid"
2) correctly sign the base string (using $raw_output=true) $sign = base64_encode(hash_hmac("sha1", $basestring, secret . "&", true));
3) using rawurlencode rather than urlencode (tip from feed7.com user)
4) send everything in the post url (no post data (postfields) as some documentation pages state) to overcome "Authentication failed timestamp invalid"
5) finally, and this was the main reason for this post: do not add the format parameter to the end of the parameters list. Either remove it, or add it to the beginning of the parameters list to overcome "Authentication failed signature check failed"
This is because Photobucket enforces what they call "Sort the parameters by name lexographically" which means parameters need to be strictly ordered alphabetically
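The ordering rule from point 5 can be enforced in code instead of by hand. The sketch below is an added example, not part of the original post or Photobucket's own code: it builds the OAuth 1.0 signature base string by encoding each name and value once, sorting the encoded pairs, and signing with HMAC-SHA1. The function names, key, secret and nonce are constructed for illustration, and no request is sent.

```php
<?php
// Added example; consumer key, secret and nonce are constructed values.

function oauth1_base_string(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        // Encode once, per RFC 3986; pass raw values in, never pre-encoded ones.
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));

    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function oauth1_signature(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    // The key is "secret&" for the first step, since no token secret exists yet.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$url = 'http://api.photobucket.com/login/request';
$params = [
    'oauth_consumer_key'     => 'constructed-key',
    'oauth_nonce'            => md5('constructed-nonce'),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1366125970', // sample value taken from the error output above
    'oauth_version'          => '1.0',
    'format'                 => 'json',       // declared last on purpose
];

$base = oauth1_base_string('POST', $url, $params);
$sig  = oauth1_signature($base, 'constructed-secret');

// The same parameters in reverse declaration order must yield the same signature.
$reversed = oauth1_base_string('POST', $url, array_reverse($params, true));
$sigReversed = oauth1_signature($reversed, 'constructed-secret');

echo $base, PHP_EOL;                          // "format" appears before every oauth_* name
var_dump(hash_equals($sig, $sigReversed));    // order of declaration no longer matters
echo $url . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986)
    . '&oauth_signature=' . rawurlencode($sig), PHP_EOL;
```

Because sorting happens inside the helper, the query string sent on the wire can list parameters in any order; only the base string has to be normalized.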