Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

what is nonce in the api client

byMR
January 9, 2022

I have a API client code to make a PHP call. But as a matter of fact the documentation given with the API is very limited, so I don’t really know how to use it. This is the API code:

<?php
class PoW {
    private $data;
    private $bit;
    private $diff;
    private $nonce = array(
        "data" => 0,
        "valid" => false
    );
    
    public function __construct($data, $bit="a", $diff=5) {
        $this->data = $data;
        $this->bit = $bit;
        $this->diff = $diff;
    }
    
    public function __get($name) {
        switch ($name) {
            case "nonce":
                if ($this->nonce["valid"]) {
                    return $this->nonce["data"];
                } else {
                    while (!$this->nonce["valid"]) {
                        if (substr(sha1($this->data . $this->nonce["data"]), 0, $this->diff) == str_repeat($this->bit, $this->diff)) {
                            $this->nonce["valid"] = true;
                            return $this->nonce["data"];
                        } else {
                            $this->nonce["data"] += 1;
                        }
                    }
                }
                break;
            case "hash":
                return sha1($this->data . $this->nonce["data"]);
                break;
            default:
                return $this->$name;
                break;
        }
    }
}

$name = readline("Name: ");
$id = readline("ID: ");

$data = $name.$id;

$test = new PoW(sha1($name.$id));

echo "Original data: " . $data . "\n";
echo "data: " . $test->data . "\n";
echo "nonce: " . $test->nonce . "\n";
echo "hash: " . $test->hash . "\n";

$result = file_get_contents("https://test.com/api/search.php?mode=pow&hash={$test->data}&nonce={$test->nonce}");

echo "\n" . $result . "\n";

This is the error I get when sending the request

{
    "status": "1",
    "error": "Nonce error: Nonce must meet the sha1 (request hash + nonce)5 Bit equal aaaaa"
}

This is my example Get request

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

https://test.com/api/search.php?mode=pow&hash=a719682d4c28e34a60fdecce65899983b7b7f4ab&nonce=aaaaa

I don’t know what is nonce and how does it generates, what should I put instead of "aaaaa"? documentation about nonce says "nonce: (required if mode is set to pow) The string which makes the first 5 sha1 of hash + nonce equals to aaaaa."

>Solution :

The NIST glossary defines a nonce as follows:

"A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these."

Source: https://csrc.nist.gov/glossary/term/nonce

See also:

Nonce values are typically used in security related use-cases to help defend against replay attacks.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading