I want to access the APIs in QuickBlox, but before that we need to authenticate our apps and get a session token, and using session token we can access the other APIs. But the problem is, when I send the authentication request using the required specification given on the QuickBloxwebsite, I am getting the error message:

{"errors":{"base":["Unexpected signature"]}}

The parameters to generate the signature is:

application_id=22&auth_key=wJHd4cQSxpQGWx5&nonce=33432&timestamp=1326966962

And then we convert it in HMAC-SHA format:

hash_hmac( 'sha1', $signatureStr , $authSecret);

Please help me to resolve this problem.

I wrote code snippet on php, it generates signature. It works good

this is my test application's credentials:

$application_id = 92;
$auth_key = "wJHdOcQSxXQGWx5";
$authSecret = "BTFsj7Rtt27DAmT";

$nonce = rand();
echo "<br>nonce: " . $nonce;

$timestamp = time();
echo "<br>timestamp: " . $timestamp ."<br>";

$stringForSignature = "application_id=".$application_id."&auth_key=".$auth_key."&nonce=".$nonce."&timestamp=".$timestamp;
echo $stringForSignature."<br>";

$signature = hash_hmac( 'sha1', $stringForSignature , $authSecret);
echo $signature;

hope this help

Problem solved

There was a problem in my request parameters.

$params = "application_id=$application_id&auth_key=$auth_key&timestamp=$timestamp&nonce=$nonce&signature=$signature&**auth_secret=$authSecret**";

In this parameter I was passing an extra parameter, my auth secret key which should not be there. I removed this parameter and now its working.

Here is full example how to create QuickBlox session:

<?php
// Application credentials
DEFINE('APPLICATION_ID', 92);
DEFINE('AUTH_KEY', "wJHdOcQSxXQGWx5");
DEFINE('AUTH_SECRET', "BTFsj7Rtt27DAmT");

// User credentials
DEFINE('USER_LOGIN', "emma");
DEFINE('USER_PASSWORD', "emma");

// Quickblox endpoints
DEFINE('QB_API_ENDPOINT', "https://api.quickblox.com");
DEFINE('QB_PATH_SESSION', "session.json");

// Generate signature
$nonce = rand();
$timestamp = time(); // time() method must return current timestamp in UTC but seems like hi is return timestamp in current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."&timestamp=".$timestamp."&user[login]=".USER_LOGIN."&user[password]=".USER_PASSWORD;

echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);

// Build post body
$post_body = http_build_query(array(
                'application_id' => APPLICATION_ID,
                'auth_key' => AUTH_KEY,
                'timestamp' => $timestamp,
                'nonce' => $nonce,
                'signature' => $signature,
                'user[login]' => USER_LOGIN,
                'user[password]' => USER_PASSWORD
                ));

// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "&timestamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature . "&user[login]=" . USER_LOGIN . "&user[password]=" . USER_PASSWORD;

 echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response

// Execute request and read responce
$responce = curl_exec($curl);

// Check errors
if ($responce) {
        echo $responce . "\n";
} else {
        $error = curl_error($curl). '(' .curl_errno($curl). ')';
        echo $error . "\n";
}

// Close connection
curl_close($curl);
?>

You have to use your own application parameters:

• application_id
• auth_key

and random 'nonce' and current timestamp (not from example, you can get current timestamp on this site http://www.unixtimestamp.com/index.php)

Your code is right, but you must set proper parameters

1) You should send request to correct url.

to https://api.quickblox.com/auth.json

instead https://api.quickblox.com/session.json

2) You should fix SSL problem using this.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)

We use php, and next code works well for us:

<?php

$userLogin = '{YOUR_QB_USER}';
$userPassword = '{YOUR_QB_PASSWORD}';

$body = [
    'application_id' => '{YOUR_QB_APPLICATION_ID}',
    'auth_key' => '{YOUR_QB_AUTH_KEY}',
    'nonce' => time(),
    'timestamp' => time(),
    'user' => ['login' => $userLogin, 'password' => $userPassword]
];
$built_query = urldecode(http_build_query($body));
$signature = hash_hmac('sha1', $built_query , '{YOUR_QB_APP_SECRET}');
$body['signature'] = $signature;
$post_body = http_build_query($body);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://{YOUR_QB_HOST}/session.json');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$token = json_decode($response, true)['session']['token'];
printf('Your token is: %s %s', $token, PHP_EOL);