The RESTlet Base String

The values used in the following code samples are defined in the section The Signature for Web Services and RESTlets.

See the following topics in this section:

Create the RESTlet Base String Manually

In the following example, the Base String consists of three parts. Each step contains a screenshot of a piece of the code to show the line numbers. To view the entire code example, see the following section: The restletBaseString Function.


POST parameters are used only with content type "application/x-www-form-urlencoded". However, this content type is not allowed by RESTlets.

  1. HTTP method - line 3


    The HTTP method must be in uppercase.

    The restletBaseString function, part 1.
  2. URL- lines 6-16

    • URL is taken without parameters. (lines 6-12)

    • Schema (http, https) and hostname must be in lowercase. (lines 13-15)

    The restletBaseString function, part 2.
  3. Parameters - lines 19-51

    • Place all OAuth, GET, and POST parameters into the array of arrays. (lines 19-37)

    • Parameter names and values are urldecoded before entering into array (lines 30–34)

    • The array is sorted in alphabetical order by parameter name. (line 40)

    • The string containing all parameters is created. Each name and value is separated by the equal character (=) and each pair is separated by the ampersand character (&). Both name and value are rawurlencoded. (lines 42-50)

    • The whole string containing parameters is rawurlencoded before joining with rest of the Base String (line 51)

    The restletBaseString function, part 3.

The restletBaseString Function

            function restletBaseString($httpMethod, $url, $consumerKey, $tokenKey, $nonce, $timestamp, $version, $signatureMethod, $postParams){
  //http method must be upper case
  $baseString = strtoupper($httpMethod) .'&';
  //include url without parameters, schema and hostname must be lower case
  if (strpos($url, '?')){
    $baseUrl = substr($url, 0, strpos($url, '?'));
    $getParams = substr($url, strpos($url, '?') + 1);
  } else {
   $baseUrl = $url;
   $getParams = "";
  $hostname = strtolower(substr($baseUrl, 0,  strpos($baseUrl, '/', 10)));
  $path = substr($baseUrl, strpos($baseUrl, '/', 10));
  $baseUrl = $hostname . $path;
  $baseString .= rawurlencode($baseUrl) .'&';
  //all oauth and get params. First they are decoded, next sorted in alphabetical order , next each key and values is encoded and finally whole parameters are encoded
  $params = array();
  $params['oauth_consumer_key'] = array($consumerKey);
  $params['oauth_token'] = array($tokenKey);
  $params['oauth_nonce'] = array($nonce);
  $params['oauth_timestamp'] = array($timestamp);
  $params['oauth_signature_method'] = array($signatureMethod);
  $params['oauth_version'] = array($version);
  foreach (explode('&', $getParams ."&". $postParams) as $param) {
    $parsed = explode('=', $param);
    if ($parsed[0] != "") {
      $value = isset($parsed[1]) ? urldecode($parsed[1]): "";
      if (isset($params[urldecode($parsed[0])])) {
        array_push($params[urldecode($parsed[0])], $value);
      } else {
        $params[urldecode($parsed[0])] = array($value);
  //all parameters must be sorted in alphabetical order
  $paramString = "";
  foreach ($params as $key => $valueArray){
    //all values must be sorted in alphabetical order
    foreach ($valueArray as $value){
      $paramString .= rawurlencode($key) . '='. rawurlencode($value) .'&';
  $paramString = substr($paramString, 0, -1);
  $baseString .= rawurlencode($paramString);
  return $baseString;


See also:

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) Tasks for Administrators
Token-based Authentication (TBA) for Integration Application Developers

General Notices