Systematic Community

bender · Tuesday

Hi everyone,

I'm working on trying to integrate the Lexsynergy API with Workato, but I've hit a roadblock. It seems I can't use the standard HTTP connector due to their specific HMAC authentication requirements. I tried building a custom connector, but I could use some guidance.

Here's the key challenge: Lexsynergy requires a unique "Authorization" header for each request, which involves:

Dynamic Timestamp: Including the current Unix timestamp.

Nonce Generation: Generating a unique random string (UUID v4).
Signature Calculation: Computing an HMAC-SHA256 hash of a string constructed from various elements.

https://portal.lexsynergy.com/uploads/lexsynergy-api_latest.html#introduction

A unique URL, method and body need to be signed for each request and it looks like only the URL and method are available as special variables in the apply key's context.
https://docs.workato.com/developing-connectors/sdk/sdk-reference/connection/authorization.html#apply

This is what I have so far. A working connection but that's it. The test block works only because that endpoint doesn't require a body and I could put an empty string.

{
  title: 'Lexsynergy',

  connection: {
    fields: [
      {
        name: 'api_key',
        optional: false,
        hint: 'Your Lexsynergy API key'
      },
      {
        name: 'api_secret',
        optional: false,
        hint: 'Your Lexsynergy secret key',
        control_type: 'password'
      }
    ],
    authorization: {
      type: 'custom_auth',
      acquire: lambda do |connection|
      end,
      apply: lambda do |connection|
      end
    },

    base_uri: lambda do |_connection|
      'https://api.lexsynergy.com/1.9/'
    end
  },

  test: lambda do |connection|
    url = 'https://api.lexsynergy.com/1.9/tlds.json'
    api_key = connection['api_key']
    api_secret = connection['api_secret']
    request = call(:request_signer, api_key, api_secret, 'GET', url, '')
    get(url).headers('Authorization': request['authorization_header'])
  end,

  custom_action: true,

  actions: {},

  triggers: {},

  methods: {
    request_signer: lambda do |api_key, api_secret, method, url, body|
      # Calculate timestamp and nonce
      timestamp = now.to_i.to_s
      nonce = uuid
      realm = 'api'

      # Construct the string to sign
      string_to_sign = "#{realm}\n#{api_key}\n#{nonce}\n#{timestamp}\n#{method.upcase}\n#{url}\n#{body}\n"

      # Generate HMAC signature
      signature = string_to_sign.hmac_sha256(api_secret)
      encoded_signature = signature.encode_base64

      # Construct the Authorization header
      authorization_header = "lexsynergy-http-hmac realm=#{realm}&key=#{api_key}&nonce=#{nonce}&timestamp=#{timestamp}&signature=#{encoded_signature}"
      { 'authorization_header' => authorization_header }
    end
  },

  object_definitions: {},

  pick_lists: {}
}

Appreciate all the help I can get on this one!

julie-reyes · yesterday

Hi,

Good day!

We do have a sample connector that uses HMAC, which you can find in our Community Library. I have included the link for your convenience: https://app.workato.com/custom_adapters/125161/code?community=true.

This should provide you with a good starting point for building your custom connector.

If you require further assistance or have any specific questions, I suggest submitting a ticket to our Support Portal. Our team of experts will be more than happy to assist you with any further queries or concerns you may have.

Thank you

View solution in original post

julie-reyes · yesterday

Hi,