<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Brilliant !<br>
<br>
I am almost there. My test code, shown below, now runs but
returns
'oauth_problem=signature_invalid&oauth_problem_advice=Failed%20to%20validate%20signature'<br>
<br>
<br>
<br>
var<br>
HTTPStream : TStringStream;<br>
FormParams : TStringList;<br>
URL : AnsiString;<br>
HTTPResonse : AnsiString;<br>
begin<br>
FormParams := TStringList.Create;<br>
HTTPStream := TStringStream.Create('');<br>
try<br>
URL := '<a class="moz-txt-link-freetext" href="https://api.xero.com/api.xro/2.0/TaxRates">https://api.xero.com/api.xro/2.0/TaxRates</a>';<br>
<br>
try<br>
OAuthSignRequest(fIdHTTP.Request, 'TaxRates', URL,
FormParams);<br>
fIdHTTP.Get(URL, HTTPStream);<br>
except<br>
on e : EIdHTTPProtocolException do begin<br>
Memo1.Text := e.ErrorMessage;<br>
end;<br>
end;<br>
HTTPStream.Position := 0;<br>
HTTPResonse := HTTPStream.ReadString(HTTPStream.Size);<br>
<br>
if (HTTPResonse <> '') then begin<br>
Memo1.Text := HTTPResonse;<br>
end;<br>
finally<br>
HTTPStream.Free;<br>
FormParams.Free;<br>
end;<br>
<br>
<br>
//This is all the code in OAuthSignRequest(...)<br>
classFloOAuth.OAuthSignRequest(aRequest, aMethod, aURL,
aFormParams, fConsumerKey, fConsumerKey, PRIVATE_KEY);<br>
<br>
<br>
For my private key, I have opened xero_privatekey.pcks8 and set it
up as a constant (without header, footer and Carriage returns)<br>
<br>
<br>
I guess there is some sort of problem with either my Encoding or
my Private key (Which comes from xero_privatekey.pcks8, created by
OPenSSL as per xero instructions). I suspect its the encoding and
have rechecked the code, I discovered a number of places doing a
UTF8Encode() on string values which I had changed to AnsiString,
so I have changed them where appropriate to UTF8String.<br>
<br>
Do you my any change know if there is an easy way to validate me
signature? <br>
<br>
Cheers<br>
Rob<br>
<br>
<br>
On 8/07/2014 2:45 p.m., Jolyon Smith wrote:<br>
</div>
<blockquote
cite="mid:CALXexOoFSQctFroGzjardp-newU8zjynoqipUCT0J_7_ouZByw@mail.gmail.com"
type="cite">
<div dir="ltr"><span
style="color:rgb(121,121,121);font-family:Helvetica,sans-serif;font-size:15px;line-height:22px">From
the Xero API docs site:<br>
<br>
</span>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span
style="color:rgb(121,121,121);font-family:Helvetica,sans-serif;font-size:15px;line-height:22px">Once
you have added a private app you will be given a consumer
key to use. <b>The consumer key is also used as the access
token. The consumer secret is not used for private apps</b>.</span></blockquote>
<div><span
style="color:rgb(121,121,121);font-family:Helvetica,sans-serif;font-size:15px;line-height:22px"><br>
</span></div>
<div><font color="#797979" face="Helvetica, sans-serif"><span
style="font-size:15px;line-height:22px">In the original
implementation from which the sample code was provided,
the application allows for Consumer Key, Access Token,
Consumer Secret and App Secret all to be configured
separately if/as required, and whatever is configured is
then passed to the request signing method. This was to
support potential OAuth based API's other than Xero which
might not necessarily employ the same rules.</span></font></div>
<div><font color="#797979" face="Helvetica, sans-serif"><span
style="font-size:15px;line-height:22px"><br>
</span></font></div>
<div><font color="#797979" face="Helvetica, sans-serif"><span
style="font-size:15px;line-height:22px">i.e in that
application the Consumer Key and Token are configured with
the same value.</span></font></div>
<div><font color="#797979" face="Helvetica, sans-serif"><span
style="font-size:15px;line-height:22px"><br>
</span></font></div>
<div><font color="#797979" face="Helvetica, sans-serif"><span
style="font-size:15px;line-height:22px">In your case, for
a Xero private app, use the overload which does not
require any Consumer Secret but only Consumer Key, Token
(for Xero, using the same value as the Consumer Key) and
your application Private Key.</span></font></div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 8 July 2014 14:14, Robert Martin <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rob@chreos.co.nz" target="_blank">rob@chreos.co.nz</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Joylon<br>
<br>
Thanks for that. I will make it ANSI. Before I do I
have a couple of extra questions, hopefully that will be
it....<br>
<br>
I assume conkey and consecret are my consumer public
& private keys. However I am unsure about tok
(which I assume is a public token). In a public app I
would be assigned a token as part of the login process,
where do I get this from for a private login? Is it my
apps name?<br>
<br>
Cheers<br>
Rob
<div class=""><br>
<br>
On 8/07/2014 12:56 p.m., Jolyon Smith wrote:<br>
</div>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="">You can ignore the ProcessTags() calls -
essentially they just do variable substitution
within the strings involved.<br>
<br>
</div>
There is no login for private Xero apps, which are
tied to a specific Xero organisation. Â You need to
setup your application on the Xero API end for that
specific organisation, to generate the required key
and secrets etc which you use to do the signing of
your requests.<br>
<br>
<br>
<div>w.r.t Unicode, the code was written for
deployment with a pre-Unicode Delphi compiler.
 Some of the code was either written for or adapted
from libraries which were or had been ANSI-fied to
ensure consistent behaviour for use with Unicode
versions of Delphi, but the remaining code otherwise
assumes ANSI strings. Â If you are using a Unicode
Delphi version you should change <b>all </b>declarations
to ANSIString to maintain the intended behaviour and
be careful of implicit string conversions when
making calls into the routines.
<div class=""><br>
<br>
To make it properly Unicode enabled may involve
more significant change than that.
<div><br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
<div class="">On 8 July 2014 11:43, Robert Martin <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rob@chreos.co.nz" target="_blank">rob@chreos.co.nz</a>></span>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Cameron <br>
<br>
Sorry to bug you but.... I have the code
installed and compiling however I am a bit
unsure as to the process involved.<br>
<br>
For Public apps you go through a process of
logging in and getting a token. <br>
<div class=""> <br>
For private applications do you just call
the API you want and encode the call using
'OAuthSignRequest(fHTTP.Request, 'POST',
lURL);' or do you need to do some sort of
log in as well?<br>
<br>
In the OAuthSignRequest method there are
calls to a function called ProcessTags( as
below...<br>
<br>
</div>
  conkey   :=
ProcessTags(OAuthConsumerKey,   Locals,
Partner);<br>
   consecret :=
ProcessTags(OAuthConsumerSecret, Locals,
Partner);<br>
   tok      :=
ProcessTags(OAuthTokenKey,      Locals,
Partner);<br>
   toksecret :=
ProcessTags(OAuthTokenSecret,   Locals,
Partner);<br>
<br>
I guess this function would be in the
classFloCommon.pas (not included) that we 'can
easily replace'. Unfortunately I have no
idea what this function does or what its
inputs are asside from it returning a string
and that all the parameters are globals !Â
Any hints?
<div class=""><br>
<br>
Sorry to be a pain but this OAuth stuff is
like pulling teeth. <br>
<div> <br>
<br>
Cheers<br>
Rob<br>
<br>
<br>
<br>
On 8/07/2014 9:54 a.m., Cameron Hart
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">this
code has been shared with Xero a
while ago on their forum.Â
thereâs a copy on <a
moz-do-not-send="true"
href="ftp://ftp.flow.net.nz/RELEASE/Code/"
target="_blank">ftp://ftp.flow.net.nz/RELEASE/Code/</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Â </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Â </span></p>
<div class="">
<table style="width:525.0pt"
cellpadding="0" width="700"
border="0">
<tbody>
<tr style="height:26.25pt">
<td colspan="4"
style="padding:0cm 0cm 0cm
0cm;height:26.25pt">
<p class="MsoNormal"><b><span>Cameron
Hart </span></b><span></span></p>
</td>
</tr>
<tr>
<td
style="width:17.25pt;padding:0cm
0cm 0cm 0cm" width="23"><br>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><b><span>Flow
Software Limited </span></b><span></span></p>
</td>
<td rowspan="4"
style="width:3.75pt;padding:0cm
0cm 0cm 0cm" valign="bottom"
width="5">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><img
src="cid:part4.04040100.00000508@chreos.co.nz" width="1" border="0"
height="55"></span><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm
0cm"><br>
</td>
<td rowspan="4"
style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><img
src="cid:part5.09090108.02090400@chreos.co.nz" alt="Flow" width="158"
border="0" height="38"></span><span></span></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm
0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span>PO
Box 302 768, North Harbour
</span><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><b><span>P
</span></b><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span>+64
9 476 3569</span><span></span></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm
0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span>Auckland
0751, New Zealand </span><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><b><span>M
</span></b><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span>+64
21 222 3569 </span><span></span></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm
0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><a
moz-do-not-send="true"
href="http://www.flowsoftware.co.nz"
target="_blank"><span>www.flowsoftware.co.nz
</span></a></span><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><b><span>E
</span></b><span></span></p>
</td>
<td style="padding:0cm 0cm 0cm
0cm">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><a
moz-do-not-send="true"
href="mailto:cameron.hart@flowsoftware.co.nz"
target="_blank"><span>cameron.hart@flowsoftware.co.nz
</span></a></span><span></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Â </span><span></span></p>
<div class="">
<table style="width:487.5pt"
cellpadding="0" width="650"
border="0">
<tbody>
<tr style="height:26.25pt">
<td style="padding:0cm 0cm 0cm
0cm;height:26.25pt">
<p class="MsoNormal"><span>This
message is intended for
the addressee named above.
It may contain privileged
or confidential
information. If you are
not the intended recipient
of this message you must
not use, copy, distribute
or disclose it to anyone.
</span> <span></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:#92c75f">Â </span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
</span><span
style="font-size:8.0pt;font-family:Webdings;color:#92c75f">P</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
</span><span>Please consider the
environment before printing this
email</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
</span><span></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Â </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Â </span></p>
<div class="">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> <a
moz-do-not-send="true"
href="mailto:delphi-bounces@listserver.123.net.nz"
target="_blank">delphi-bounces@listserver.123.net.nz</a>
[<a moz-do-not-send="true"
href="mailto:delphi-bounces@listserver.123.net.nz"
target="_blank">mailto:delphi-bounces@listserver.123.net.nz</a>]
<b>On Behalf Of </b>Jolyon Smith<br>
<b>Sent:</b> Tuesday, 8 July 2014
9:14 a.m.<br>
<b>To:</b> NZ Borland Developers
Group - Delphi List<br>
<b>Subject:</b> Re: [DUG] Xero
private API (OAuth)</span></p>
</div>
<p class="MsoNormal">Â </p>
<div>
<p class="MsoNormal">This was a nut I
had to crack at Flow. Â I was
successful in this endeavour but I'm
not at liberty to share the fruits
of those labors. Â If you ask nicely
however, Cameron might be willing to
help.</p>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">Â </p>
<div>
<div class="">
<p class="MsoNormal">On 8 July
2014 08:52, Robert Martin <<a
moz-do-not-send="true"
href="mailto:rob@chreos.co.nz"
target="_blank">rob@chreos.co.nz</a>>
wrote:</p>
</div>
<div class="">Hi<br>
<br>
I have been doing some work with
the Xero API and have public OAuth<br>
</div>
working fine. Â However I actually
need to use the private API which<br>
requires RSA-SHA1 Â which I believe
just means RSA signing. Â Is that
correct?
<div class=""><br>
<br>
If so does anyone have any code
examples of RSA signing, I have
found<br>
LockBox 3 which is supposed to do
it but I just cant get it
installed,<br>
although the source has a XE2
project group the code is full of
errors !<br>
<br>
I am looking at using the openSLL
dll calls to do it myself as an<br>
alternative but sample code is
scarce. I will continue looking
but if<br>
anyone has any pointers I would be
grateful :)<br>
<br>
Cheers<br>
Rob<br>
<br>
_______________________________________________<br>
NZ Borland Developers Group -
Delphi mailing list<br>
Post: <a moz-do-not-send="true"
href="mailto:delphi@listserver.123.net.nz"
target="_blank">delphi@listserver.123.net.nz</a><br>
Admin: <a moz-do-not-send="true"
href="http://delphi.org.nz/mailman/listinfo/delphi" target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a><br>
Unsubscribe: send an email to <a
moz-do-not-send="true"
href="mailto:delphi-request@listserver.123.net.nz"
target="_blank">
delphi-request@listserver.123.net.nz</a>
with Subject: unsubscribe</div>
</div>
<p class="MsoNormal">Â </p>
</div>
</div>
<div class=""> <br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
NZ Borland Developers Group - Delphi mailing list
Post: <a moz-do-not-send="true" href="mailto:delphi@listserver.123.net.nz" target="_blank">delphi@listserver.123.net.nz</a>
Admin: <a moz-do-not-send="true" href="http://delphi.org.nz/mailman/listinfo/delphi" target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a>
Unsubscribe: send an email to <a moz-do-not-send="true" href="mailto:delphi-request@listserver.123.net.nz" target="_blank">delphi-request@listserver.123.net.nz</a> with Subject: unsubscribe</pre>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
</div>
<div class="">
<div>
<p color="#000000" align="left">No virus
found in this message.<br>
Checked by AVG - <a
moz-do-not-send="true"
href="http://www.avg.com"
target="_blank">www.avg.com</a><br>
Version: 2014.0.4716 / Virus Database:
3986/7813 - Release Date: 07/07/14</p>
</div>
</div>
</blockquote>
<br>
</div>
<div class=""> <br>
_______________________________________________<br>
NZ Borland Developers Group - Delphi mailing
list<br>
Post: <a moz-do-not-send="true"
href="mailto:delphi@listserver.123.net.nz"
target="_blank">delphi@listserver.123.net.nz</a><br>
Admin: <a moz-do-not-send="true"
href="http://delphi.org.nz/mailman/listinfo/delphi"
target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a><br>
Unsubscribe: send an email to <a
moz-do-not-send="true"
href="mailto:delphi-request@listserver.123.net.nz"
target="_blank">delphi-request@listserver.123.net.nz</a>
with Subject: unsubscribe<br>
</div>
</blockquote>
</div>
<br>
</div>
<div class=""> <br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
NZ Borland Developers Group - Delphi mailing list
Post: <a moz-do-not-send="true" href="mailto:delphi@listserver.123.net.nz" target="_blank">delphi@listserver.123.net.nz</a>
Admin: <a moz-do-not-send="true" href="http://delphi.org.nz/mailman/listinfo/delphi" target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a>
Unsubscribe: send an email to <a moz-do-not-send="true" href="mailto:delphi-request@listserver.123.net.nz" target="_blank">delphi-request@listserver.123.net.nz</a> with Subject: unsubscribe</pre>
<br>
<fieldset></fieldset>
<br>
<p color="#000000" align="left">No virus found in this
message.<br>
Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com" target="_blank">www.avg.com</a><br>
Version: 2014.0.4716 / Virus Database: 3986/7813 -
Release Date: 07/07/14</p>
</div>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
NZ Borland Developers Group - Delphi mailing list<br>
Post: <a moz-do-not-send="true"
href="mailto:delphi@listserver.123.net.nz">delphi@listserver.123.net.nz</a><br>
Admin: <a moz-do-not-send="true"
href="http://delphi.org.nz/mailman/listinfo/delphi"
target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a><br>
Unsubscribe: send an email to <a moz-do-not-send="true"
href="mailto:delphi-request@listserver.123.net.nz">delphi-request@listserver.123.net.nz</a>
with Subject: unsubscribe<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
NZ Borland Developers Group - Delphi mailing list
Post: <a class="moz-txt-link-abbreviated" href="mailto:delphi@listserver.123.net.nz">delphi@listserver.123.net.nz</a>
Admin: <a class="moz-txt-link-freetext" href="http://delphi.org.nz/mailman/listinfo/delphi">http://delphi.org.nz/mailman/listinfo/delphi</a>
Unsubscribe: send an email to <a class="moz-txt-link-abbreviated" href="mailto:delphi-request@listserver.123.net.nz">delphi-request@listserver.123.net.nz</a> with Subject: unsubscribe</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<p class="" avgcert""="" color="#000000" align="left">No virus
found in this message.<br>
Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com">www.avg.com</a><br>
Version: 2014.0.4716 / Virus Database: 3986/7813 - Release Date:
07/07/14</p>
</blockquote>
<br>
</body>
</html>