인증 서명
Marketo API 보안은 HTTPS를 통해 전송된 메시지와 함께 HMAC-SHA1 서명을 기반으로 간단하면서도 매우 안전한 모델을 사용합니다. 이 모델의 주요 장점은 상태 비저장 인증을 제공한다는 것입니다.
HMAC-SHA1 서명에는 다음이 필요합니다.
- 서비스 요청과 함께 전송되는 사용자 ID(액세스 키라고도 함)
- 공유 암호 키와 메시지 콘텐츠를 사용하여 계산되며 서비스 요청과 함께 전송되는 서명입니다.
- 서비스 요청과 함께 전송되지 않는 공유 암호 키(암호화 키라고도 함)
클라이언트 프로그램은 공유된 비밀 키 및 요청 메시지 콘텐츠의 일부를 사용하여 HMAC-SHA1 서명을 계산한다. SOAP 메시지와 함께 인증 정보를 전달하려면 클라이언트에 SOAP 헤더인 AuthenticationHeaderInfo가 포함되어야 합니다.
다음 의사 코드는 알고리즘을 보여 줍니다.
// Request timestamp: a timestamp string in W3C WSDL date format
stringToEncrypt = requestTimestamp + clientAccessID;
signatureBytes = Encryter.encrypt('SHA1', secretKey, stringToEncrypt);
signature = toLowerCase( hexEncode(signatureBytes) );
authHeader = "<ns1:AuthenticationHeader>" +
"<mktowsUserId>" + clientAccessID + "</mktowsUserId>" +
"<requestSignature>" + signature + "</requestSignature>" +
"<requestTimestamp>" + requestTimestamp + "</requestTimestamp>"
"</ns1:AuthenticationHeader>";
요청 헤더
필드 이름
필수/선택 사항
설명
mktowsUserId
필수 여부
Marketo 클라이언트 액세스 ID는 통합 아래의 Marketo admin SOAP API 패널에 있습니다.
requestSignature
필수 여부
공유 암호 키,
requestTimestamp
및 Marketo 사용자 ID를 기반으로 하는 HMAC-SHA1 서명requestTimestamp
필수 여부
요청 타임스탬프(W3C WSDL 날짜 형식 Ex. "2013-06-09T14:04:54-08:00")
요청 XML - getLeadActivity
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mkt="http://www.marketo.com/mktows/">
<soapenv:Header>
<mkt:AuthenticationHeader>
<mktowsUserId>mktodemoaccount881_536240405411DF5316D5C9</mktowsUserId>
<requestSignature>3f4b21eb586063dc65774a2733713cac342e9c81</requestSignature>
<requestTimestamp>2017-03-09T17:40:00-08:00</requestTimestamp>
</mkt:AuthenticationHeader>
</soapenv:Header>
<soapenv:Body>
<mkt:paramsGetLeadActivity>
<leadKey>
<keyType>IDNUM</keyType>
<keyValue>318815</keyValue>
</leadKey>
<activityFilter>
<includeTypes>
<activityType>NewLead</activityType>
</includeTypes>
</activityFilter>
</mkt:paramsGetLeadActivity>
</soapenv:Body>
</soapenv:Envelope>
응답 XML - 성공
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns1="http://www.marketo.com/mktows/">
<SOAP-ENV:Body>
<ns1:successGetLeadActivity>
<leadActivityList>
<returnCount>1</returnCount>
<remainingCount>0</remainingCount>
<newStartPosition>
<latestCreatedAt xsi:nil="true"/>
<oldestCreatedAt xsi:nil="true"/>
<activityCreatedAt xsi:nil="true"/>
<offset>1</offset>
</newStartPosition>
<activityRecordList>
<activityRecord>
<id>12025714</id>
<activityDateTime>2015-09-04T16:07:16-05:00</activityDateTime>
<activityType>New Lead</activityType>
<mktgAssetName/>
<activityAttributes>
<attribute>
<attrName>Source Type</attrName>
<attrType xsi:nil="true"/>
<attrValue>Web service API</attrValue>
</attribute>
<attribute>
<attrName>Source Info</attrName>
<attrType xsi:nil="true"/>
<attrValue>Web service API</attrValue>
</attribute>
<attribute>
<attrName>Created Date</attrName>
<attrType xsi:nil="true"/>
<attrValue>2015-09-04</attrValue>
</attribute>
<attribute>
<attrName>Lead ID</attrName>
<attrType xsi:nil="true"/>
<attrValue>318815</attrValue>
</attribute>
</activityAttributes>
<campaign/>
<personName xsi:nil="true"/>
<mktPersonId>318815</mktPersonId>
<foreignSysId xsi:nil="true"/>
<orgName xsi:nil="true"/>
<foreignSysOrgId xsi:nil="true"/>
</activityRecord>
</activityRecordList>
</leadActivityList>
</ns1:successGetLeadActivity>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope
응답 XML - 실패(잘못된 자격 증명)
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring>20014 - Authentication failed</faultstring>
<detail>
<ns1:serviceException xmlns:ns1="http://www.marketo.com/mktows/">
<name>mktServiceException</name>
<message>Authentication failed (20014)</message>
<code>20014</code>
</ns1:serviceException>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
샘플 코드 - PHP
<?php
$marketoSoapEndPoint = ""; // CHANGE ME
$marketoUserId = ""; // CHANGE ME
$marketoSecretKey = ""; // CHANGE ME
$marketoNameSpace = "http://www.marketo.com/mktows/";
// Create Signature
$dtzObj = new DateTimeZone("America/Los_Angeles");
$dtObj = new DateTime('now', $dtzObj);
$timeStamp = $dtObj->format(DATE_W3C);
$encryptString = $timeStamp . $marketoUserId;
$signature = hash_hmac('sha1', $encryptString, $marketoSecretKey);
// Create SOAP Header
$attrs = new stdClass();
$attrs->mktowsUserId = $marketoUserId;
$attrs->requestSignature = $signature;
$attrs->requestTimestamp = $timeStamp;
$authHdr = new SoapHeader($marketoNameSpace, 'AuthenticationHeader', $attrs);
print_r($authHdr)
?>
샘플 코드 - Java
import com.marketo.mktows.*;
import java.net.URL;
import javax.xml.namespace.QName;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
public class AuthenticationHeader {
public static void main(String[] args) {
try {
URL marketoSoapEndPoint = new URL("CHANGE ME" + "?WSDL");
String marketoUserId = "CHANGE ME";
String marketoSecretKey = "CHANGE ME";
QName serviceName = new QName("http://www.marketo.com/mktows/", "MktMktowsApiService");
MktMktowsApiService service = new MktMktowsApiService(marketoSoapEndPoint, serviceName);
MktowsPort port = service.getMktowsApiSoapPort();
// Create Signature
DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
String text = df.format(new Date());
String requestTimestamp = text.substring(0, 22) + ":" + text.substring(22);
String encryptString = requestTimestamp + marketoUserId ;
SecretKeySpec secretKey = new SecretKeySpec(marketoSecretKey.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(secretKey);
byte[] rawHmac = mac.doFinal(encryptString.getBytes());
char[] hexChars = Hex.encodeHex(rawHmac);
String signature = new String(hexChars);
// Set Authentication Header
AuthenticationHeader header = new AuthenticationHeader();
header.setMktowsUserId(marketoUserId);
header.setRequestTimestamp(requestTimestamp);
header.setRequestSignature(signature);
JAXBContext context = JAXBContext.newInstance(AuthenticationHeader.class);
Marshaller m = context.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
m.marshal(header, System.out);
}
catch(Exception e) {
e.printStackTrace();
}
}
}
샘플 코드 - 루비
require 'savon' # Use version 2.0 Savon gem
require 'date'
mktowsUserId = "" # CHANGE ME
marketoSecretKey = "" # CHANGE ME
marketoSoapEndPoint = "" # CHANGE ME
marketoNameSpace = "http://www.marketo.com/mktows/"
#Create Signature
Timestamp = DateTime.now
requestTimestamp = Timestamp.to_s
encryptString = requestTimestamp + mktowsUserId
digest = OpenSSL::Digest.new('sha1')
hashedsignature = OpenSSL::HMAC.hexdigest(digest, marketoSecretKey, encryptString)
requestSignature = hashedsignature.to_s
#Create SOAP Header
headers = {
'ns1:AuthenticationHeader' => { "mktowsUserId" => mktowsUserId, "requestSignature" => requestSignature,
"requestTimestamp" => requestTimestamp
}
}
client = Savon.client(wsdl: 'http://app.marketo.com/soap/mktows/2_3?WSDL', soap_header: headers, endpoint: marketoSoapEndPoint, open_timeout: 90, read_timeout: 90, namespace_identifier: :ns1, env_namespace: 'SOAP-ENV')
recommendation-more-help
bb269a6d-047a-4bf7-9acd-23ad9a63dc59