Python library for generating a Mastercard API compliant OAuth signature.
| Version | Python | Status | Notes |
|---|---|---|---|
| 1.9.2 | 3.8, 3.9, 3.10, 3.11, 3.12 | Current | Maintenance & security fixes |
| 2.0.0 (coming soon) | 3.10, 3.11, 3.12 | Planned | Drops 3.8/3.9 support |
DeprecationWarning is emitted when importing this package on Python 3.8/3.9.
Release notes: see CHANGELOG.md (or GitHub Releases).
Two cryptographic methods are available for generating OAuth signatures, selected via the SignatureMethod enum:
Important: the signature_method parameter expects a SignatureMethod enum member. Do not pass raw strings
(e.g. "RSA-SHA256", "RSA-PSS-SHA256").
| Enum Value | Algorithm | Specification |
|---|---|---|
SignatureMethod.RSA_SHA256 (default) |
RSASSA-PKCS1-v1_5 with SHA-256 | RFC 8017 §8.2 |
SignatureMethod.RSA_PSS_SHA256 |
RSASSA-PSS (Digest: SHA-256, MGF: MGF1 with SHA-256, Salt length: 32 bytes) | RFC 8017 §8.1 |
OAuth.get_authorization_header accepts an optional signature_method parameter. When omitted, SignatureMethod.RSA_SHA256 is used by default. See the usage examples below for both the default flow and explicit RSA_PSS_SHA256 calls.
Before using this library, you will need to set up a project in the Mastercard Developers Portal.
As part of this set up, you'll receive credentials for your app:
- A consumer key (displayed on the Mastercard Developer Portal)
- A private request signing key (matching the public certificate displayed on the Mastercard Developer Portal)
pip install mastercard-oauth1-signer
import oauth1.authenticationutils as authenticationutils
from oauth1.oauth import OAuth, SignatureMethodA private key object can be created by calling the authenticationutils.load_signing_key method:
signing_key = authenticationutils.load_signing_key('<insert PKCS#12 key file path>', '<insert key password>')The method that does all the heavy lifting is OAuth.get_authorization_header. You can call into it directly and as long as you provide the correct parameters, it will return a string that you can add into your request's Authorization header.
If you do not provide signature_method, SignatureMethod.RSA_SHA256 is used by default.
consumer_key = '<insert consumer key>'
uri = 'https://sandbox.api.mastercard.com/service'
payload = 'Hello world!'
authHeader = OAuth.get_authorization_header(uri, 'POST', payload, consumer_key, signing_key)consumer_key = '<insert consumer key>'
uri = 'https://sandbox.api.mastercard.com/service'
authHeader = OAuth.get_authorization_header(uri, 'GET', None, consumer_key, signing_key)consumer_key = '<insert consumer key>'
uri = 'https://sandbox.api.mastercard.com/service'
payload = 'Hello world!'
authHeader = OAuth.get_authorization_header(
uri,
'POST',
payload,
consumer_key,
signing_key,
signature_method=SignatureMethod.RSA_PSS_SHA256,
)consumer_key = '<insert consumer key>'
uri = 'https://sandbox.api.mastercard.com/service'
authHeader = OAuth.get_authorization_header(
uri,
'GET',
None,
consumer_key,
signing_key,
signature_method=SignatureMethod.RSA_PSS_SHA256,
)headerdict = {'Authorization' : authHeader}
requests.post(uri, headers=headerdict, data=payload)
requests.get(uri, headers=headerdict)Alternatively, you can use helper classes for some of the commonly used HTTP clients.
These classes will modify the provided request object in-place and will add the correct Authorization header. Once instantiated with a consumer key and private key, these objects can be reused.
Usage briefly described below, but you can also refer to the test project for examples.
You can sign request objects using the OAuthSigner class.
Usage:
from oauth1.signer import OAuthSigner
uri = "https://sandbox.api.mastercard.com/service"
request = Request()
request.method = "POST"
# …
signer = OAuthSigner(consumer_key, signing_key)
request = signer.sign_request(uri, request)When signature_method is omitted, OAuthSigner uses SignatureMethod.RSA_SHA256.
To use RSA-PSS instead of the default RSA-SHA256:
from oauth1.oauth import SignatureMethod
from oauth1.signer import OAuthSigner
signer = OAuthSigner(
consumer_key,
signing_key,
signature_method=SignatureMethod.RSA_PSS_SHA256,
)
request = signer.sign_request(uri, request)The requests library supports custom authentication extensions, with which the procedure of creating and calling such requests can simplify the process of request signing. Please, see the examples below:
from oauth1.oauth_ext import OAuth1RSA
import requests
uri = 'https://sandbox.api.mastercard.com/service'
oauth = OAuth1RSA(consumer_key, signing_key)
header = {'Content-type' : 'application/json', 'Accept' : 'application/json'}
# Passing payload for data parameter as string
payload = '{"key" : "value"}'
response = requests.post(uri, data=payload, auth=oauth, headers=header)
# Passing payload for data parameter as Json object
payload = {'key' : 'value'}
response = requests.post(uri, data=json.dumps(payload), auth=oauth, headers=header)
# Passing payload for json parameter Json object
payload = {'key' : 'value'}
response = requests.post(uri, json=payload, auth=oauth, headers=header)from oauth1.oauth_ext import OAuth1RSA
import requests
uri = 'https://sandbox.api.mastercard.com/service'
oauth = OAuth1RSA(consumer_key, signing_key)
# Operation for get call
response = requests.get(uri, auth=oauth)When signature_method is omitted, OAuth1RSA uses SignatureMethod.RSA_SHA256.
from oauth1.oauth_ext import OAuth1RSA
from oauth1.oauth import SignatureMethod
import requests
uri = 'https://sandbox.api.mastercard.com/service'
oauth_auth = OAuth1RSA(
consumer_key,
signing_key,
signature_method=SignatureMethod.RSA_PSS_SHA256,
)
header = {'Content-type' : 'application/json', 'Accept' : 'application/json'}
payload = '{"key" : "value"}'
response = requests.post(uri, data=payload, auth=oauth_auth, headers=header)from oauth1.oauth_ext import OAuth1RSA
from oauth1.oauth import SignatureMethod
import requests
uri = 'https://sandbox.api.mastercard.com/service'
oauth = OAuth1RSA(consumer_key, signing_key, signature_method=SignatureMethod.RSA_PSS_SHA256)
response = requests.get(uri, auth=oauth)OpenAPI Generator generates API client libraries from OpenAPI Specs. It provides generators and library templates for supporting multiple languages and frameworks.
This project provides you with classes you can use when configuring your API client. These classes will take care of adding the correct Authorization header before sending the request.
Generators currently supported:
Client libraries can be generated using the following command:
openapi-generator-cli generate -i openapi-spec.yaml -g python -o outSee also:
import openapi_client
from oauth1.signer_interceptor import add_signer_layer
# …
config = openapi_client.Configuration()
config.host = 'https://sandbox.api.mastercard.com'
client = openapi_client.ApiClient(config)
add_signer_layer(client, '<insert PKCS#12 key file path>', '<insert key password>', '<insert consumer key>')
some_api = openapi_client.SomeApi(client)
result = some_api.do_something()
# …When signature_method is omitted, add_signer_layer uses SignatureMethod.RSA_SHA256.
To use RSA-PSS with an OpenAPI Generator client:
import openapi_client
from oauth1.oauth import SignatureMethod
from oauth1.signer_interceptor import add_signer_layer
config = openapi_client.Configuration()
config.host = 'https://sandbox.api.mastercard.com'
client = openapi_client.ApiClient(config)
add_signer_layer(
client,
'<insert PKCS#12 key file path>',
'<insert key password>',
'<insert consumer key>',
signature_method=SignatureMethod.RSA_PSS_SHA256,
)