
[Solved] Making POST Requests with the remote API

Discussion in 'Modding' started by TopHatTim, Feb 3, 2019.

Thread Status:
This last post in this thread was made more than 31 days old.
  1. TopHatTim

    TopHatTim Trainee Engineer

    I'm trying to send chat messages using the route:

    I can't figure out how the authentication works, so I just get a 403 forbidden error.

    Any clues? :)

    Edit: Perhaps I should rephrase - there is no information about how to use the API key as authorisation or how to create a user (or use the default admin user?) as auth if that's what is required.
    Edit 2: Solved below in 3rd comment
    Last edited: Feb 9, 2019
  2. CptTwinkie

    CptTwinkie Master Engineer

    403 means you don't have access to it with the credentials provided.
    Either you haven't been granted access or you have been authenticated as an anonymous user.

    Basically, you need to be an authenticated user before you access gamechat. You cannot send http get to gamechat and authorize after.
  3. TopHatTim

    TopHatTim Trainee Engineer

    I have tried sending the request with the authorisation set to the API key. I have full access to the server to set up any access I need; I just don't understand how to send the authentication in the right format, I think.
    I just want to have the same functionality as in the remote client but through an HTTP request instead of the tool.
  4. TopHatTim

    TopHatTim Trainee Engineer

    I did manage to figure this out with help from Deepflame.

    The authorization uses a message made up of the API route you are requesting, a nonce (random integer) and the date you make the request. This message is then encrypted using HMAC SHA-1 and the remote API key decoded from base64 into a buffer as the key. Then we get our authorization hash by encoding this in base64. We then use this information in the authorization header in the format "Authorization: <NONCE>:<HASH>"

    Also have to include the Date header with the same date value used in the authorization message.

    Here's my test code (NodeJS) which allows me to send the message "api test" to the server.

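    	const crypto = require('crypto')
    	const moment = require('moment')
    	const fetch = require('node-fetch') // node-fetch v2; Node 18+ also has a global fetch

    	// Build a nonce as a string of random decimal digits
    	let nonce = function(length) {
    		var text = "";
    		var possible = "0123456789";
    		for(let i = 0; i < length; i++) {
    			text += possible.charAt(Math.floor(Math.random() * possible.length));
    		}
    		return text;
    	}
    	// Format the date in UTC, since the string is labelled GMT
    	const today = moment.utc();
    	const date = `${today.format('ddd, DD MMM YYYY HH:mm:ss')} GMT`
    	const myNonce = nonce(9)
    	// Message to sign: route, nonce and date, each followed by CRLF
    	const message = (`/vrageremote/v1/session/gamechat\r\n${myNonce}\r\n${date}\r\n`)
    	// The remote API key is stored as base64; decode it to raw bytes for the HMAC key
    	const key = Buffer.from(process.env.MEDIEVAL_API_KEY, 'base64')
    	const hash = crypto.createHmac('sha1', key).update(message).digest('base64')
    	const data = JSON.stringify({
    		'RecipientIdentityId': null,
    		'Message': 'api test'
    	})
    	fetch(`https://${process.env.MEDIEVAL_DS_ADDRESS}:${process.env.MEDIEVAL_API_PORT}/vrageremote/v1/session/gamechat`, {
    		method: 'POST',
    		body: data,
    		headers: {
    			// Must be the same date value that was used in the signed message
    			'Date': date,
    			'Authorization': `${myNonce}:${hash}`,
    			'Accept': 'application/json',
    			'Content-Type': 'application/json'
    		}
    	})
    	.then(res => console.log(res))
    	.catch(err => console.error(err))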
    Last edited: Feb 13, 2019
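
The signing scheme from the post above, as an added example that is not part of the original thread or the game's own code: `signRequest` builds the headers with only Node's built-in `crypto`, and `verifyRequest` shows how a receiving side could check them. `verifyRequest`, its five-minute clock-skew window and the sample key are assumptions for illustration; the thread does not describe what the real server checks.

```javascript
const crypto = require('crypto');

// String that gets signed: route, nonce and date, each followed by CRLF (layout from the post).
function signingString(route, nonce, date) {
  return `${route}\r\n${nonce}\r\n${date}\r\n`;
}

// Client side: produce the Date and Authorization headers for one request.
function signRequest(route, keyBase64, now = new Date()) {
  const key = Buffer.from(keyBase64, 'base64');        // API key is base64; HMAC needs raw bytes
  const nonce = String(crypto.randomInt(1, 2 ** 31));  // random integer from the CSPRNG
  const date = now.toUTCString();                      // "Sun, 03 Feb 2019 12:00:00 GMT"
  const hash = crypto.createHmac('sha1', key)
    .update(signingString(route, nonce, date)).digest('base64');
  return { Date: date, Authorization: `${nonce}:${hash}` };
}

// Hypothetical receiving side: recompute the HMAC and compare in constant time.
function verifyRequest(route, headers, keyBase64, now = new Date(), maxSkewMs = 5 * 60 * 1000) {
  const auth = headers.Authorization;
  if (typeof auth !== 'string') return false;
  const sep = auth.indexOf(':');
  if (sep < 1) return false;
  const nonce = auth.slice(0, sep);
  const given = Buffer.from(auth.slice(sep + 1), 'base64');
  // Reject requests whose Date header is missing, unparsable or too far from our clock.
  const sent = Date.parse(headers.Date);
  if (Number.isNaN(sent) || Math.abs(now.getTime() - sent) > maxSkewMs) return false;
  const expected = crypto.createHmac('sha1', Buffer.from(keyBase64, 'base64'))
    .update(signingString(route, nonce, headers.Date)).digest();
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values (not a real key or server).
const SAMPLE_KEY = Buffer.from('constructed-sample-key').toString('base64');
const ROUTE = '/vrageremote/v1/session/gamechat';
```

As the post describes it, the signed string covers the route, nonce and date but not the request body, so the body's integrity rests on the HTTPS connection.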