Trouble with signature string (in python)


New Member

We're creating an integration with a platform that is built on Mailwizz and are unable to get the correct signature string; in PHP this is $signatureString but we're attempting to write this in python.

Here's what we currently have (which returns an API error):

for GET request:

With the following headers:
'Accept-Encoding': 'gzip,deflate',
'Accept': '*/*',
'User-Agent': 'python-requests/2.8.0',
'Connection': 'keep-alive',
'X-MW-TIMESTAMP': '1444407416'

Anyone out there experience something similar or have suggestions? Thanks!

While i don't have any experience with python, maybe adding the code that generates the actual signature would help.

Ok, here's the code that generate the signature:
import time
import logging
import urllib
import hashlib
import hmac

from google.appengine.api import urlfetch # this is substitute for "requests" for GAE

def create_signature(method, url, headers, private_key):
params = headers
separator = '&' # hardcoded for testing - because the url already contains GET query
signature_string = ''.join([method.upper(), ' ', url, separator, urllib.urlencode(params)])
return, signature_string, hashlib.sha1).hexdigest()[/INDENT]

def get_lists():
method = 'GET' # hardcoded for testing
action = 'lists' # hardcoded for testing
url = "" % (action + '?page=1&per_page=2')[/INDENT]

public_key = 'YYY'

private_key = 'XXX'

headers = {
'X-MW-PUBLIC-KEY': public_key,
'X-MW-TIMESTAMP': str(int(time.time())),
# 'X-MW-REMOTE-ADDR': '', # not mandatory ??
signature = create_signature(method, url, headers, private_key)

headers['X-MW-SIGNATURE'] = signature

response = urlfetch.fetch(
return response
Last edited by a moderator:
@Ave81 - From what i see, the creation of signature is not correctly done.

Let's recap a bit, in order to generate the signature you need to follow these steps:
0) Define a big array to hold the data, let's call it params, in python i guess this is a dict:
params  = {}

1) Add the special headers in the params array
  'X-MW-PUBLIC-KEY': $publicKey,
  'X-MW-TIMESTAMP': $timestamp,
All those 3 are required.
2) Next we have to add POST/PUT/DELETE params in the big param dict.
Not sure how that is done in python, but make sure you add them
3) Once we have this big params dict, we need to sort it by key
$separator = $client->paramsGet->count > 0 && strpos($requestUrl, '?') !== false ? '&' : '?';
Here $client->paramsGet is actually the $_GET global array. We need to see if there are elements in it and if the url we will reques already contains the question mark in it. If it contains the question mark, then the query args separator will be a &, otherwise a ?
$signatureString = strtoupper($client->method) . ' ' . $requestUrl . $separator . http_build_query($params, '', '&');
This should translate in something like:
$signature = hash_hmac('sha1', $signatureString, $privateKey, false);
This i think you got right.

5) You put this resulted signature in the headers, like you already did and then you do the actual request, like you did.

This is pretty much as i can explain it, for more info, you'll have to look at as the code is very self explanatory.
You're missing 'X-MW-REMOTE-ADDR' from that string, as i said, all that is required can be found here: ;)

Keep in mind that if you're doing a post request, your sig string will transform into smth like:
It's important to order the params, asc. by their name.

Hi twisted,

I was able to get GET working but POST is something I am still figuring out in Python.
I am trying to subscribe this test user but I get this error message.
{"status":"error","error":"Please provide the subscriber email address."}
and here is my post address for creating special signature.

and here's actual url

Thank you in advance!
@KenKen - Can you provide the full code, If you cant provide it here please use pastebin.

 If you can provide it here then please use "[CODE]"   "[/ CODE] "  but without the double quotes "" or spaces to ensure the code is structred correctly when posting it in this forum.

Just revised this reply with correct code. Please see the code below.

For Python users, just make sure that you use post function in Requests. I was sending params instead of data which was not correct.

Thank you twisted and BirdyUK. Figured out after looking at your php code.


def subscribe_user_mail():
    #Required POST values
    method = 'POST'
    action = 'lists'
    uid = '1234uid'
    url = "" % (action+'/'+uid+'/subscribers?')
    public_key = '1234publickey'
    private_key = '1234privatekey'
    current_time = str(int(time.time()))
    remote_addr = ''
    #Add three values into the header
    headers_o = {
        'X-MW-PUBLIC-KEY': public_key,
        'X-MW-TIMESTAMP': current_time,
        'X-MW-REMOTE-ADDR': remote_addr
    #Order header keys by asc
    headers = collections.OrderedDict(sorted(headers_o.items()))

    #Create special signature
    signature_string = ''.join([method.upper(), ' ', url, '&', urllib.urlencode(headers)])
    signature =, signature_string, hashlib.sha1).hexdigest()
    #Add special signature in the header
    headers['X-MW-SIGNATURE'] = signature
    #Send POST request
    response =
    #Print output
    return response
    #Print POST url and url accessed via API
    return response.url +','+signature_string
Last edited: