I'm building a restful API for a php application. At the moment, the API will only accept and respond with json. The request, routing and response is all handled by the framewo
hash_hmac() expects its second parameter to be a string, you're passing your decoded JSON object instead. Other than that, your approach seems pretty standard. entity_id should also be protected by the HMAC signature, so I'd keep it in the request body or your signature calculation will get a little bit more complicated for no real gain.
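The point made in the answer above, as an added example that is not part of the original question or answer: the HMAC is computed over the raw JSON string, entity_id travels inside that signed body, and decoding happens only after verification. The function names, the secret and the payload are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the secret and payload further down are constructed sample values.

function sign_body(string $rawBody, string $secret): string
{
    // The second argument of hash_hmac() is the message and must be a string,
    // so the raw JSON text is signed exactly as it travels on the wire.
    return hash_hmac('sha256', $rawBody, $secret);
}

function verify_and_decode(string $rawBody, string $signature, string $secret): ?array
{
    $expected = sign_body($rawBody, $secret);

    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of a guessed signature were correct.
    if (!hash_equals($expected, $signature)) {
        return null;
    }

    // Decode only after the signature has been verified.
    $data = json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);

    return is_array($data) ? $data : null;
}

// Client side: entity_id is part of the body, so the signature covers it.
$secret    = 'constructed-demo-secret';
$rawBody   = json_encode(['entity_id' => 42, 'action' => 'update', 'name' => 'example']);
$signature = sign_body($rawBody, $secret);

// Server side: in a real request the raw body would be read with
// file_get_contents('php://input') before any decoding takes place.
var_dump(verify_and_decode($rawBody, $signature, $secret) !== null);

// A body whose entity_id was changed in transit no longer matches the signature.
$tampered = str_replace('"entity_id":42', '"entity_id":43', $rawBody);
var_dump(verify_and_decode($tampered, $signature, $secret) !== null);
```

Signing a re-encoded copy of the decoded object instead of the received bytes can fail on legitimate requests, because key order, whitespace and escaping may differ between encoders.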