OVH Community, your new community space.

How to authenticate against the API using powershell

20-11-2015, 07:28
Yea, I also meet some kind of problem, and i think it help me so much, thank you!

28-05-2015, 06:49
great, i think it help me so much

12-05-2015, 12:23
very interesting! thanks for sharing

11-05-2015, 16:10
Turns out I had forgotten to append the string "$1$" to the generated hash.

11-05-2015, 14:12
Hi Chaps,
I'm trying to get a list of our dedicated servers using powershell, via the new API. But I'm a bit stuck at generating the authentication signature. I *think* I followed the steps here: but I guess I messed something up. My script so far looks like this:

$ApplicationKey = 'myAppKey'
$ApplicationSecret = 'myAppSecret'

function MakeApiRequest($url, $method, $body = $null)
    $timestamp = (Invoke-WebRequest '').Content
    $consumerKey = GetConsumerKey
    $hashInput = "$ApplicationSecret+$consumerKey+$method+$url+$(if($body -eq $null) { ''} else { $body })+$timestamp"
    Write-Host "hashInput is $hashInput"
    $hashStream = new-object System.IO.MemoryStream(,[System.Text.Encoding]::UTF8.GetBytes($hashInput))
    $hash = (Get-FileHash -InputStream $hashStream -Algorithm SHA1).Hash.ToLower()
    Write-Host "hash is $hash"

    $headers = @{
        'X-Ovh-Application' = $ApplicationKey;
        'X-Ovh-Signature' = $hash;
        'X-Ovh-Consumer' = $consumerKey;
        'X-Ovh-Timestamp' = $timestamp

    return Invoke-WebRequest -Method $method -Uri $url -Body $body -Headers $headers -ContentType 'application/json'

function GetConsumerKey()
    $body = @{
        accessRules = @(
                method = 'GET';
                path = '/*'
        redirection = ''

    $headers = @{ 'X-Ovh-Application' = $ApplicationKey }

    $response = (Invoke-WebRequest -Method Post -Uri '' -Body $($body | ConvertTo-Json) -Headers $headers -ContentType 'application/json') | ConvertFrom-Json

    return $response.consumerKey

$result = MakeApiRequest -url '' -method 'GET'
However I get a response back that looks like this:

HTTP/1.1 400 Bad Request
Date: Mon, 11 May 2015 12:08:25 GMT
Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8o mod-xslt/1.3.9
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/json; charset=utf-8
Content-Length: 92

{"errorCode":"INVALID_SIGNATURE","httpCode":"400 Bad Request","message":"Invalid signature"}
Can anyone see the flaw in the script?

Thanks in advance
Tom Parrish