I am trying to connect to an API that uses an outdated hmac hash authentication mechanism for the API's.
For an instance:
$signature = hash_hmac('sha256', $string_to_sign, $api_sec);
vs the one generated in Go:
h := hmac.New(sha256.New, []byte(authSecret))
h.Write([]byte(stringToSign))
signature := hex.EncodeToString(h.Sum(nil))
When I use the same stringToSign($string_to_sign) and same authSecret($api_sec) the signature generated with Go results as an invalid signature for the API. But if I create the same with the PHP function it works fine. I am a bit lost as to where to look.
There must be an issue with your input data.
Using the below PHP:
echo hash_hmac('sha256', 'data', 'key');
And the below Go:
h := hmac.New(sha256.New, []byte("key"))
h.Write([]byte("data"))
signature := hex.EncodeToString(h.Sum(nil))
fmt.Println(signature)
I get the same result of 5031fe3d989c6d1537a013fa6e739da23463fdaec3b70137d828e36ace221bd0