Integrating with Xero API - RSA-SHA1 Signatures

Posted by markgreenway on 20-Apr-2018 04:47


I've been tasked with integrating our OpenEdge 11.7 application with the Xero API in order to send and receive invoice information.

Xero use 2 legged OAuth 1.0a authentication which required me to generate a public/private key-pair using OpenSSL and upload the public certificate to Xero which I've done.

In order to access their API I need to use RSA-SHA1 encryption which Progress does not support.

I found this page on the Progress Knowledgebase which suggests using an external cryptography library but I have not been able to get any of the suggestions working.

Essentially I need to generate an oauth_signature using RSA encryption and the private key (in a .pem file) that I generated.

Hoping someone has done this before and can offer some pointers and advice.



All Replies

Posted by David Abdala on 20-Apr-2018 05:29

I haven't done exactly that, but I've used OpenSSL to do similar stuff.

The best I've come up with is to make scripts that do the OpenSSL stuff (.sh, .bat) and call those scripts from ABL with OS-COMMAND, passing things as parameters of the script or files in the filesystem (managed from ABL).

Keep in mind that even OpenSSL has differences between Windows and Linux, so if you are "mixing" platforms, you may need to "tweak" things. It is always better to test on the same platform (Windows - Windows, or Linux - Linux) and when that is working then test "cross-platform".

Good luck.


Posted by David O'Regan on 20-Apr-2018 06:31

Hi Mark,

I've worked on a Xero integration before and came to the same conclusions as you. I personally used OpenSSL to handle the RSA-SHA1 encryption.

As David suggests I used OS-COMMAND to call a script on the file-system that did the OpenSSL call and wrote the signed request out. I then read this back into the ABL for the subsequent encoding and HTTP call.

If there's something specific you're stuck with I can try to help.

Best Regards,


Posted by markgreenway on 20-Apr-2018 07:15

Thanks, both Davids.

I don't suppose you have some sample code you could send?

If not then I can probably work it out but I'm pretty new to this stuff so it might take me a little time.

Thanks again, it's been driving me crazy trying to get this to work, hopefully your suggestions will fix it for me.


Posted by markgreenway on 20-Apr-2018 08:56

Needs a little tidying up and refining but I think I have mostly got it.

infile.txt contains the signature I want to encrypt and signature.bin contains the encrypted string.

type C:\temp\OPENSSL\infile.txt | C:\OpenSSL-Win64\bin\openssl dgst -sha1 -sign C:\temp\OPENSSL\certs\privatekey.pem -binary > C:\temp\OPENSSL\signature.bin

Thanks again for your help.

Posted by markgreenway on 20-Apr-2018 09:05

Sorry, missed a bit.

Here's the BASE64-ENCODE of the encrypted string, basically taken straight from the OpenEdge help file:



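DEFINE VARIABLE encdmptr AS MEMPTR   NO-UNDO. /* raw signature bytes from OpenSSL */
DEFINE VARIABLE encdlngc AS LONGCHAR NO-UNDO. /* Base64 text of the signature */
COPY-LOB FROM FILE "C:\temp\OPENSSL\signature.bin" TO encdmptr.
encdlngc = BASE64-ENCODE(encdmptr).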
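
The signing step discussed in this thread, written out end to end as an added example (not code from any of the posters): it builds an OAuth 1.0a signature base string, signs it with `openssl dgst -sha1 -sign`, Base64-encodes the result and checks it against the public key. The function names, the example.com URL, the oauth_* values and the throwaway key pair are constructed for illustration.

```shell
#!/bin/sh
# Added example. Key, URL and oauth_* values are constructed placeholders.

# RFC 5849 section 3.6 encoding: leave A-Z a-z 0-9 - . _ ~ alone, %XX the rest
# (uppercase hex). ASCII input assumed.
pct_encode() {
  _s=$1; _out=
  while [ -n "$_s" ]; do
    _c=${_s%"${_s#?}"}; _s=${_s#?}          # peel off the first character
    case $_c in
      [A-Za-z0-9._~-]) _out=$_out$_c ;;
      *) _out=$_out$(printf '%%%02X' "'$_c") ;;
    esac
  done
  printf '%s' "$_out"
}

# Signature base string: METHOD & enc(URL) & enc(parameter string).
# $3 is the encoded k=v pairs, sorted by name and joined with &.
base_string() {
  printf '%s&%s&%s' "$1" "$(pct_encode "$2")" "$(pct_encode "$3")"
}

# Sign exactly the bytes of $1 (printf '%s' adds no newline) with PEM key $2.
# Output: Base64 signature on a single line.
rsa_sha1_sign() {
  printf '%s' "$1" | openssl dgst -sha1 -sign "$2" -binary | openssl base64 -A
}

# Exit status 0 only if Base64 signature $2 over $1 verifies with public key $3.
rsa_sha1_verify() {
  _tmp=$(mktemp)
  printf '%s' "$2" | openssl base64 -d -A > "$_tmp"
  printf '%s' "$1" | openssl dgst -sha1 -verify "$3" -signature "$_tmp" >/dev/null 2>&1
  _rc=$?; rm -f "$_tmp"; return $_rc
}

# Demo with a throwaway key pair, removed again on exit.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
openssl genrsa -out "$WORK/privatekey.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/privatekey.pem" -pubout -out "$WORK/public.pem" 2>/dev/null
PARAMS='oauth_consumer_key=CONSTRUCTED_KEY&oauth_nonce=n0nce123&oauth_signature_method=RSA-SHA1&oauth_timestamp=1524214020&oauth_version=1.0'
BASE=$(base_string GET 'https://api.example.com/api.xro/2.0/Invoices' "$PARAMS")
SIG=$(rsa_sha1_sign "$BASE" "$WORK/privatekey.pem")
rsa_sha1_verify "$BASE" "$SIG" "$WORK/public.pem" && echo "signature verifies"
# The Base64 text contains + / = and must be percent-encoded for the header.
echo "oauth_signature=\"$(pct_encode "$SIG")\""
```

A trailing newline or CRLF in the signed input produces a different signature, so when signing from a file the file must hold the base string and nothing else.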




This thread is closed