node.js 客户端的 Adob​​e Analytics Segments API 身份验证问题

Adobe Analytics Segments API auth issue with node.js client

我在尝试通过 node.js 客户端使用 Segments API 时遇到授权问题。 停止拐弯抹角,在管理 POST 请求和通过 x-wsse headers 授权的部分下面:

var now = new Date();
var options = {
     method: "POST",
     hostname: "api3.omniture.com",
     path: "/admin/1.4/rest/?method=Segments.Get",
     json: true,
     headers: {
            "Content-Type": "application/json",
            "Content-Length" : Buffer.byteLength(JSON.stringify(body)),
            "x-wsse": 'UsernameToken Username="[username]:[company]", PasswordDigest="xxxxxxxxxxxxxxxxxxxxxxxxxx==", Nonce="yyyyyyyyyyyyyyyyyyyyyyyyyy", Created="'+now+'"'
     }
};

如您所见,我正在尝试复制 API 资源管理器生成的 x-wsse,通过 Date() JS class 动态指定创建的时间戳。 节点客户端向我报告此错误:
{"error":"Bad Request","error_description":"Unable to validate authentication.","error_uri":null}

我想 x-wsse PasswordDigest 和 Nonce 值也会在每次请求时不断变化,而在这里我将它们设为静态。 如果这是问题的原因,如何在 x-wsse header 中动态插入这些参数?

非常感谢。

是的,PasswordDigestCreated 值也是动态生成的,因为它们基于您生成的值。我对 node.js 的了解还不足以向您展示一个 node.js 示例,但这里有一个 php 我所做的示例,并附有一些评论:

$username='user:company';
$secret='12345'; // api shared secret key for the user
// The nonce should be a universally unique value. I use a timestamp based value and prefix with a namespace to help make it unique, because AA request digests have to be unique across everybody everywhere ever
$nonce = 'FOO_'.dechex(time());
// datetime stamp in ISO 8601 date format (e.g. '2004-02-12T15:19:21+00:00')
$nonce_ts = date('c');
// Adobe expects the PasswordDigest to be a concatenated string value of the nonce, datetimestamp, and api key. They expect it to be hashed (sha1) and then base64 encoded
$digest = base64_encode(sha1($nonce.$nonce_ts.$secret));
$server = "https://api.omniture.com";
$path = "/admin/1.4/rest/";
$rc=new SimpleRestClient();
$rc->setOption(CURLOPT_HTTPHEADER, array("X-WSSE: UsernameToken Username=\"$username\", PasswordDigest=\"$digest\", Nonce=\"$nonce\", Created=\"$nonce_ts\""));