• 0
Mosh

Google Apps Script to LogicMonitor REST API

Question

I am trying to use the REST API from Google Apps Script but having trouble getting the auth signature to match the expected values.  The code executes but I get HTTP 403 back because the auth signature is not as expected.  Here's my Google  Apps Script code, hoping someone from LM can point me in the right direction.  

I know my accessKey etc. are okay as my PowerShell code works just fine.

Thanks in advance.

 

  var httpVerb = "GET";
  
  var epoch = (new Date).getTime();
  
  var resourcePath = "/device/groups";
  var queryParams = "?filter=fullPath~Business Services&fields=id,name";

 
  // Construct signature 

  var requestVars = httpVerb + epoch + resourcePath;

  var message = requestVars;
  var secret = accessKey;
  
  var signature = Utilities.computeHmacSha256Signature(message, secret, Utilities.Charset.UTF_8);
  
  var signatureHex = "";

  for (var i = 0; i < signature.length; i++)
  {
    signatureHex += (signature[i]).toString(16);
  }
 
  signatureHex = signatureHex.split("-").join("");  

  signature = Utilities.base64Encode(signatureHex);
    
  Logger.log(signatureHex);  
  Logger.log(signature);
 
   
  // Construct HTTP request headers 

  var auth = "LMv1 " + accessId + ":" + signature + ":" + epoch;
  
  var options = 
  {
    "Authorization" : auth,
    "method" : httpVerb,
    "contentType" : "application/json"
  };
  
  var url = "https://" + accessCompany + ".logicmonitor.com/santaba/rest" + resourcePath + queryParams;

  var response = UrlFetchApp.fetch(url, options);
  
  Logger.log(response.getContentText());

 

 

Edited by Mosh

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

Hi Mosh,

I added a Node.js example for our REST API, similar to what you're trying to do, on this page: https://www.logicmonitor.com/support/rest-api-developers-guide/overview/using-logicmonitors-rest-api.

It may need slight modification to work with the Google Apps Script Editor - I can try to come up with a version that works for Google Apps Scripts.  In the meantime, you can use this page to troubleshoot: https://www.logicmonitor.com/support/rest-api-developers-guide/overview/api-troubleshooting/.  The issue is probably in the calculation of the signature, and that page provides static values as well as what signature and intermediate values you should get for those static values.

Thanks!

Sarah

 

Share this post


Link to post
Share on other sites
  • 0

Hi Sarah,

Unfortunately I can't use the CryptoJS library in the Google Apps Script environment, not without having to make changes.  Google provides it's own HMAC SHA 256 functions in their Apps Script Utilities class, but I don't appear to be getting the same results.  It would be good to have a native GAS example that only uses the GAS Utilities library for the HMAC and Base 64 stuff.  

I used what seems like the obvious function from the GAS Utilties class based on your Python sample code, but the results are not the same.
https://developers.google.com/apps-script/reference/utilities/utilities

Share this post


Link to post
Share on other sites
  • 0

I've figured it out! :)  Needed to convert the byte array returned by Google's HMAC signature function into a  hexadecimal string before base64 encoding it.

 

Share this post


Link to post
Share on other sites
  • 0

For info, HMAC byte array conversion to hex string.

var HexUtils = 
{
  convertByteArrayToHex : function(byteArray)
  {
    var hex = "";

    byteArray.forEach(function(byteValue) { hex += HexUtils.convertByteToHex(byteValue) });

    return hex;  
  },

  convertByteToHex : function(b) 
  {
    var hexChar = ["0", "1", "2", "3", "4", "5", "6", "7","8", "9", "a", "b", "c", "d", "e", "f"];
  
    return hexChar[(b >> 4) & 0x0f] + hexChar[b & 0x0f];
  }
};
 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.