Ramesh Kumar Ramesh Kumar - 5 months ago 73
reST (reStructuredText) Question

Invalid Signature - provided signature does not match WooCommerce REST API calling from Android

I am an Android developer and new to Woocommerce and started consuming REST service with Oauth1.0 authentication. I am getting proper response from PostMan (RestClient plugin) and getting "Invalid Signature" error while I call from my android application.

Here is my Android code:

OAuthParameters oauth;

public OAuthParameters authChecking() {
oauth = new OAuthParameters();
GenericUrl genericUrl = new GenericUrl("http://localhost/wordpress/wc-api/v3/products/count");

oauth.consumerKey = "ck_xxxxxxxxxxxxxxxxxxxxxxxxxxx";
oauth.signatureMethod = "HMAC-SHA1";
oauth.version = "3.0";

oauth.signer = new OAuthSigner() {
public String getSignatureMethod() {

return oauth.signatureMethod;

public String computeSignature(String signatureBaseString) throws GeneralSecurityException {

String key = "cs_xxxxxxxxxxxxxxxxxxxxxxxxxx";

Mac mac = Mac.getInstance(
SecretKeySpec secret = new SecretKeySpec(key.getBytes(), "HmacSHA1");

byte[] digest = mac.doFinal(signatureBaseString.getBytes());
Log.e("SIGNATURE Base64", new String(Base64.encode(digest, 0)).trim());

String signature = new String(com.google.api.client.repackaged.org.apache.commons.codec.binary.Base64.encodeBase64String(digest));
return signature;
try {
oauth.computeSignature("GET", genericUrl);

} catch (GeneralSecurityException e) {
return null;
} catch (NullPointerException e) {
return null;
return oauth;

public void requestAPI(Object... param) {
OAuthParameters oauth = authChecking();
if (oauth != null) {
String url = null;
try {

Toast.makeText(MainActivity.this, "Signature retrive called", Toast.LENGTH_SHORT).show();
url = "http://localhost/wordpress/wc-api/v3/products/"+"count?oauth_consumer_key=" + oauth.consumerKey + "&oauth_signature_method=" + oauth.signatureMethod + "&oauth_timestamp=" + oauth.timestamp + "&oauth_nonce=" + oauth.nonce + "&oauth_version=" + oauth.version + "&oauth_signature="
// + java.net.URLDecoder.decode(oauth.signature, "UTF-8");
+ URLEncoder.encode(oauth.signature, "UTF-8");
// +oauth.signature;
} catch (UnsupportedEncodingException e) {
url = null;
Log.v("URL ", url);
Log.v("SINGNATURE ", oauth.signature);

getDataFromWeb_Get.getData(this, this, new String[]{"http://localhost/wordpress/wc-api/v3/products/", url});


I have searched on google for generating Signature but all were saying the same code. I use this tool http://oauth.googlecode.com/svn/code/javascript/example/signature.html to validate signature but could not validate because PostMan, this tool and android generated signature were different from each other.


You must send all the parameters in the sequence. Like we have a code in php

uksort( $params, 'strcmp' );

See how you can sort the parameters in android.