Issue: HMAC Signatures request does not fail even when required field is not supplied.
For HMAC request, we need 2 stages API call. The first stage is to get the signature, the second stage is to file the real API call with the returned signature.
Sample HMAC Signature request:
POST https://rest.apisandbox.zuora.com/v1/hmac-signatures
Content-Type: application/json
apiAccessKeyId: **
apiSecretAccessKey: ***
{
"method": "POST",
"uri": "https://rest.apisandbox.zuora.com/rest/v1/accounts"
}
RESPONSE:
{
"signature": "NmU5OTdmYTU2OWNkNTMxZmExNDAwMGIzZThkODA2ZjkyZjYxZGUyOQ==",
"token": "fBnm4dtdszFzknUXV8UJtWr364nBFN5v",
"success": true
}
Note that <"name :"> field was not included in the body. Some fields will be required depending on the URI used.
Please reference this KnowledgeCenter article link for details.
As a result, the succeeding create account() call will fail when the generated signature and token are used.
Sample error received:
"code": 90000011,
"message": "Invalid signature."
Reference Number: ACS-4589
Status: Our engineers will be working to add validation for required fields when generating HMAC Signitures. There is no ETA for when this design change will be implemented.
If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √
