API Connect

  • 1.  Using HMAC credentials in APIC GatewayScript on CloudPak

    Posted 13 hours ago

    Hei, Greetings from Norway!

    We are running API Connect 10.0.8.2 on CP4I 16.1.0 on OpenShift.

    We have two apps called app1 and app2. The app1 has a REST API which uses OAuth 1.0.

    We are trying to create a "proxy" endpoint in APIC that takes OAuth 2.0 from app2 and uses OAuth 1.0 to app1.

    Therefore we ran the GatewayScript below and have added the ion-api-secret to the catalog properties. We get the following error. Is there some way to fix this? Is this the correct approach to the problem?

    GatewayScript:

    ---

    //  Generate OAuth 1.0a header in GatewayScript
    var crypto = require('crypto');
    var timestamp = Math.floor(Date.now() / 1000);
    var nonce = Math.random().toString(36).substring(2);

    var consumerKey = 'XX_HLuXLTqeYv~GlkKNX';
    var consumerSecret = context.get('ion-api-secret');
    var method = 'GET';
    var url = 'https://app1.company.no:9543';

    var baseString = method + '&' + encodeURIComponent(url) + '&' +
      encodeURIComponent('oauth_consumer_key=' + consumerKey +
      '&oauth_nonce=' + nonce +
      '&oauth_signature_method=HMAC-SHA1' +
      '&oauth_timestamp=' + timestamp +
      '&oauth_version=1.0');

    var signingKey = encodeURIComponent(consumerSecret); // Remove '&' if no token secret
    var signature = crypto.createHmac('sha1', signingKey).update(baseString).digest('base64');

    var authHeader = 'OAuth ' +
      'oauth_consumer_key="' + consumerKey + '",' +
      'oauth_signature_method="HMAC-SHA1",' +
      'oauth_timestamp="' + timestamp + '",' +
      'oauth_nonce="' + nonce + '",' +
      'oauth_version="1.0",' +
      'oauth_signature="' + encodeURIComponent(signature) + '"';

    //console.log('Generated OAuth 1.0a header: ' + authHeader);
    context.set('message.headers.Authorization', authHeader);

    ---

    The error:

    ---

    GatewayScript processing Error 'Error: *Named shared secret key 'XXtOc0GZ1MyVHwIJApHX' not found* In file 'gatewayscript:///modules/crypto.js' line:195, stack:Error: *Named shared secret key 'XXtOc0GZ1MyVHwIJApHX' not found* at Object.createHmac (gatewayscript:///modules/crypto.js:195:11) at Object.<anonymous>

    ---

    References:

    https://www.ibm.com/docs/en/datapower-gateway/10.6.0?topic=apis-crypto-module

    ------------------------------
    Abu Davis
    ------------------------------


  • 2.  RE: Using HMAC credentials in APIC GatewayScript on CloudPak
    Best Answer

    Posted 12 hours ago

    Hi, 

    My understanding is that the crypto.createHmac function, if you pass it a string, expects it to be the name of the shared secret object in DataPower. If you're passing a predefined key, you will need to pass it as a Buffer using something like:

    var signature = crypto.createHmac('sha1', new Buffer(signingKey)).update(baseString).digest('base64');

    Hopefully this helps you

    Ricky



    ------------------------------
    Ricky Moorhouse
    IBM API Connect Cloud Architect
    ------------------------------
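
The OAuth 1.0a HMAC-SHA1 signing discussed in this thread, written for Node.js rather than GatewayScript and following RFC 5849: parameters sorted, strict percent-encoding, and a signing key that always contains the '&'. This is an added example, not code from either poster or from IBM; the function names, the `opts` argument and the sample credentials are assumptions, and the URL is assumed to carry no query string.

```javascript
const crypto = require('crypto');

// RFC 5849 section 3.6 percent-encoding: encodeURIComponent leaves
// ! ' ( ) * unescaped, so escape those as well.
function pctEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Base string: METHOD & encoded URL & encoded parameter string, with the
// parameters sorted by encoded name (names are unique in this object).
function baseString(method, url, params) {
  const pairs = Object.keys(params)
    .map(k => [pctEncode(k), pctEncode(String(params[k]))])
    .sort((a, b) => (a[0] < b[0] ? -1 : 1))
    .map(p => p[0] + '=' + p[1]);
  return [method.toUpperCase(), pctEncode(url), pctEncode(pairs.join('&'))].join('&');
}

// Key is encoded consumer secret + '&' + encoded token secret; the '&'
// is kept even when there is no token secret (RFC 5849 section 3.4.2).
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = pctEncode(consumerSecret) + '&' + pctEncode(tokenSecret || '');
  // The key goes in as bytes. In GatewayScript the answer above uses
  // new Buffer(signingKey) for the same purpose.
  return crypto.createHmac('sha1', Buffer.from(key, 'utf8'))
    .update(baseString(method, url, params)).digest('base64');
}

// opts.nonce and opts.timestamp are hypothetical hooks for repeatable tests.
function authHeader(method, url, consumerKey, consumerSecret, opts) {
  const o = opts || {};
  const params = {
    oauth_consumer_key: consumerKey,
    oauth_nonce: o.nonce || crypto.randomBytes(16).toString('hex'),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(o.timestamp || Math.floor(Date.now() / 1000)),
    oauth_version: '1.0'
  };
  params.oauth_signature = sign(method, url, params, consumerSecret, '');
  return 'OAuth ' + Object.keys(params)
    .map(k => pctEncode(k) + '="' + pctEncode(params[k]) + '"').join(', ');
}

// Constructed sample values, not the poster's credentials.
console.log(authHeader('GET', 'https://app1.company.no:9543',
  'sample-key', 'sample-secret', { nonce: 'abc123', timestamp: 1700000000 }));
```

If the target API takes query parameters, they have to be added to `params` before signing and left out of the `url` argument.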