REST Web Services using Json and requiring authentication

But first…

Registration for NAV TechDays 2017 have been opened.  I will do a workshop on web services and json.  I will be using both C/AL and AL with VS Code in this workshop.

Make sure to register for the conference and if possible go to one or two of the workshops.

Now to the topic.  Yesterday I started to develop an integration solution for  Their API is RESTful and uses Json file formats.  It also requires authentication.

In a project like this I usually start by using the OCR Service Setup from standard NAV.  Create a Setup table and a page.

Looking at the API documentation we can see that we need to use HmacSHA1 with both Access Key and Secret Key to authenticate.  In other project I used HmacSHA256 with the Access Key for the Azure API.

First part of the authentication is the time stamp created in UTC.  I find it easy to use the DateTime DotNet variable to solve this.  There are two different formatting I needed to use.

REST service normally just use GET or POST http methods.  The authentication is usually in the request headers.  This is an example from

The GetSignature function is

The Secret Key string and the Signature is converted to a byte array.  The Crypto class is constructed with the Secret Key Byte Array and used to compute hash for the Signature Byte Array. That hash is also a byte array that must be converted to a base64 string.  This will give you the HmacSHA1 signature to use in the request header.

My Azure project is using HmacSHA256 but the code is similar.

Azure displays the Access Keys in base64 format while has a normal string.

A little further down the line I choose not to use XML Ports, like I did here, but still convert Json to Xml or Xml to Json.

I use the functions from Codeunit “XML DOM Management” to handle the Xml.  This code should give you the general idea.



9 Replies to “REST Web Services using Json and requiring authentication”

  1. Hi,

    Thanks for the post.
    I have a problem with the function for calculating the hmacsha256 : i have a = in the sign and the authentication failed because of it.
    Could you give me more detail (variables , functions…) about the function where you calculate the hamcsha256 ?
    do you know what .net can i use to avoid the = in the string ?

  2. Hello Gunnar,

    Great post!

    I found it as I am trying to define a variable referencing DotNet HMACSHA256 and I was wondering what how your variable crypto is defined.

    System.Security.Cryptography.HMACSHA256 Does not show as a possibility in my NAV (2016) ?


  3. Hi Gunnar,

    Thanks for sharing the very helpful post.

    could you please share how you defined variable “DatatoHMAC”?
    Which Namespace and Assembly you used here.

    I am facing error “The function call was ambiguous. No matching method was found.” in below code.

    Signature := Convert.ToBase64String(Crypto.ComputeHash(DataToHMAC));

    Thanks in advance.

      1. Hi Gunnar,

        Thanks for your prompt response.

        Yes, actually i am trying to create a HMACSHA256 signature for amazon SQS.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.