Invalid Signature - provided signature does not match WooCommerce REST API calling from Android


Staff member
I am an Android developer and new to Woocommerce and started consuming REST service with Oauth1.0 authentication. I am getting proper response from PostMan (RestClient plugin) and getting "Invalid Signature" error while I call from my android application.

Here is my Android code:

    OAuthParameters oauth;

    public OAuthParameters authChecking() {
        oauth = new OAuthParameters();
        GenericUrl genericUrl = new GenericUrl("http://localhost/wordpress/wc-api/v3/products/count");

        oauth.consumerKey = "ck_xxxxxxxxxxxxxxxxxxxxxxxxxxx";
        oauth.signatureMethod = "HMAC-SHA1";
        oauth.version = "3.0";

        oauth.signer = new OAuthSigner() {
            public String getSignatureMethod() {

                return oauth.signatureMethod;

            public String computeSignature(String signatureBaseString) throws GeneralSecurityException {

                String key = "cs_xxxxxxxxxxxxxxxxxxxxxxxxxx";

                Mac mac = Mac.getInstance(
                SecretKeySpec secret = new SecretKeySpec(key.getBytes(), "HmacSHA1");

                byte[] digest = mac.doFinal(signatureBaseString.getBytes());
                Log.e("SIGNATURE Base64", new String(Base64.encode(digest, 0)).trim());

                String signature = new String(;
                return signature;
        try {
            oauth.computeSignature("GET", genericUrl);

        } catch (GeneralSecurityException e) {
            return null;
        } catch (NullPointerException e) {
            return null;
        return oauth;

    public void requestAPI(Object... param) {
        OAuthParameters oauth = authChecking();
        if (oauth != null) {
            String url = null;
            try {

                Toast.makeText(MainActivity.this, "Signature retrive called", Toast.LENGTH_SHORT).show();
                url = "http://localhost/wordpress/wc-api/v3/products/"+"count?oauth_consumer_key=" + oauth.consumerKey + "&oauth_signature_method=" + oauth.signatureMethod + "&oauth_timestamp=" + oauth.timestamp + "&oauth_nonce=" + oauth.nonce + "&oauth_version=" + oauth.version + "&oauth_signature="
//               +, "UTF-8");
                        + URLEncoder.encode(oauth.signature, "UTF-8");
//            +oauth.signature;
            } catch (UnsupportedEncodingException e) {
                url = null;
            Log.v("URL ", url);
            Log.v("SINGNATURE ", oauth.signature);

            getDataFromWeb_Get.getData(this, this, new String[]{"http://localhost/wordpress/wc-api/v3/products/", url});


I have searched on google for generating Signature but all were saying the same code. I use this tool <a href="" rel="nofollow"></a> to validate signature but could not validate because PostMan, this tool and android generated signature were different from each other.