But first…

Registration for NAV TechDays 2017 have been opened.  I will do a workshop on web services and json.  I will be using both C/AL and AL with VS Code in this workshop.

Make sure to register for the conference and if possible go to one or two of the workshops.

Now to the topic.  Yesterday I started to develop an integration solution for bokun.io.  Their API is RESTful and uses Json file formats.  It also requires authentication.

In a project like this I usually start by using the OCR Service Setup from standard NAV.  Create a Setup table and a page.

Looking at the API documentation we can see that we need to use HmacSHA1 with both Access Key and Secret Key to authenticate.  In other project I used HmacSHA256 with the Access Key for the Azure API.

First part of the authentication is the time stamp created in UTC.  I find it easy to use the DateTime DotNet variable to solve this.  There are two different formatting I needed to use.

REST service normally just use GET or POST http methods.  The authentication is usually in the request headers.  This is an example from bokun.is

The GetSignature function is

The Secret Key string and the Signature is converted to a byte array.  The Crypto class is constructed with the Secret Key Byte Array and used to compute hash for the Signature Byte Array. That hash is also a byte array that must be converted to a base64 string.  This will give you the HmacSHA1 signature to use in the request header.

My Azure project is using HmacSHA256 but the code is similar.

Azure displays the Access Keys in base64 format while bokun.is has a normal string.

A little further down the line I choose not to use XML Ports, like I did here, but still convert Json to Xml or Xml to Json.

I use the functions from Codeunit “XML DOM Management” to handle the Xml.  This code should give you the general idea.



4 thoughts on “REST Web Services using Json and requiring authentication

  1. Steven says:


    Thanks for the post.
    I have a problem with the function for calculating the hmacsha256 : i have a = in the sign and the authentication failed because of it.
    Could you give me more detail (variables , functions…) about the function where you calculate the hamcsha256 ?
    do you know what .net can i use to avoid the = in the string ?

  2. Chris says:

    Hello Gunnar,

    Great post!

    I found it as I am trying to define a variable referencing DotNet HMACSHA256 and I was wondering what how your variable crypto is defined.

    System.Security.Cryptography.HMACSHA256 Does not show as a possibility in my NAV (2016) ?


    1. Hi Cris

      The System keyword can be found in multiple dll files. Including mscorlib, System, System.Web, System.Security…
      When you lookup the Class on MSDN (https://msdn.microsoft.com/en-us/library/system.security.cryptography.hmacsha256(v=vs.110).aspx) you can see that this one here:

      Namespace:   System.Security.Cryptography
      Assembly:  mscorlib (in mscorlib.dll)

Leave a Reply

%d bloggers like this: