Therefore, I use AFNetworking to use the API.
This API requires all requests to be signed using hmac. Hmac is calculated by a combination of headers, url and body. Then hmac is added as a custom header to the request.
Calculating hmac and adding it to the headers is not a problem. However, it seems that some headers are added "last minute" before processing the request.
My API Client is a subclass AFHTTPSessionManager, and I was looking for a better place to sign, and currently I am doing this by overloading:
- (NSURLSessionDataTask *)dataTaskWithRequest:(NSURLRequest *)request
completionHandler:(void (^)(NSURLResponse *response, id responseObject, NSError *error))completionHandler
When I simulate requests on the API test server to see which headers I get, there are always two additional headers that are not there when I signed the request: Accept-Encodingand Connection, sometimes I also get the header Cookie.
The only titles that I add, in addition to the signature hmac, are Acceptand Content-Typeand customizable header specific to APII, pointing to my client's key.
So my question is: what is the best way / place for this signing?
source
share