Free Support Forum -

Cloud Request Format Authentication Example

Looking at the example in

there are two different values for the value of Key.

In the text it says key = 23e9d89a967a5f18142221fa8f7cbcd0):
Yet in the code is key = “23e9d89a967a5f18142221fa8f7cbcd0”;

I am trying to build a prototype in Delphi but cannot get the value quoted for the hash value. I then tried taking the C# code directly from the page and got the same value for the hash as I did in Delphi.

This table presents my results.
SID: c821f123-1a8b-4b97-925a-9d69a6b2fcd8
Passed to SHA1 Hash function:
Results after Hash (step 4)
Documented ?? C# Delphi
Key: 23e9d89a967a5f18142221fa8f7cbcd0 Z98TBrlwdtx3pTa6fWVD/Q0c2dE= JgLReiOyORY8BYpCJ32CbCc0UHg JgLReiOyORY8BYpCJ32CbCc0UHg
23e9d89a967a5f18142221fa8f7cbcd0): Z98TBrlwdtx3pTa6fWVD/Q0c2dE= psj/voj0uG7xvKXXM5rt63hAEic= psj/voj0uG7xvKXXM5rt63hAEic=

I have spent over a day trying to work this out - what am I doing wrong or is the example given wrong?

Delphi code:

procedure TAsposeAuthenticator.DoAuthenticate( ARequest : TCustomRESTRequest );
hashed : TIdBytes;
req, sign : AnsiString;
req := AnsiString( ARequest.Resource );
req := req + AnsiString( '?appSID=' ) + mySID;
req := RemoveTrailing( '/', req );

with TIdHMACSHA1.Create do
Key := ToBytes( myKey );
hashed := HashValue( ToBytes( req ) );

sign := RemoveTrailing( '=', EncodeBase64( hashed, Length( hashed ) ) );
sign := TURI.urlEncode( sign ); // codes are produced in upper case
req := req + AnsiString( '&Signature=' ) + sign;

procedure TestAuthenticator( ARequest : TCustomRESTRequest );
Authenticator : TAsposeAuthenticator;
Authenticator := TAsposeAuthenticator.Create( ARequest, 'c821f123-1a8b-4b97-925a-9d69a6b2fcd8', '23e9d89a967a5f18142221fa8f7cbcd0' );
Authenticator.DoAuthenticate( ARequest );
if StrPos( ARequest.Resource, '' ) > 0 then
ShowMessage( ARequest.Resource + #10#13'Passed' )
ShowMessage( ARequest.Resource + #10#13'Failed' );

Hi Denver,

The key your shared is not the actual key; it is just an example to show how to use your keys. You need to sign up for a new account at to get your App SID and Key. Please check 'Getting Started' section from the attached HTML for more details.

Best Regards,

Hi Muhammad,

I realize that the SID and Key are not registered because of the highlighted note at the between the steps and code example which reads:

We didn’t use registered application ID and application key here, so the resulting URL does not pass authorization but all calculation were completed using real algorithm, so you can use the results for internal testing.

From reading that note I assumed that if I fed the appSID and key listed into my code I should end up with the Signature listed. But I didn’t!

So my question still stands: Is my code wrong or is your example wrong?

Hi Denver,

We do not have the SDK or code for Delphi yet, however, we are investigating your code to check why it is not producing the correct signature and will update you soon.

Best Regards,