Comment on page
Computing the digest
Guideline for generating the message digest
The signed Authorization header includes, among other claims, a sha256 digest of the HTTP request (note: the Finqware API only uses POST application/json requests similar to a GraphQL API).
- 1.take the json payload and compress it to a single-line json without any whitespaces
- make sure you do not remove any useful whitespaces (eg: from a debtor name when submitting a payment)
- it is recommended to use a standard json library to do that instead of your own regex## Python example#http_payload = {"client_id": "51e2389....02d51","client_app_key": "MDAxNmxvY2F0aWMz...D9rgv7_DySaiYgo","skill": "bt_ro_aisp_sbx_#2.0"}# a compact stringified json without any whitespacescompact_http_payload = json.dumps(http_payload, separators=(',', ':')).encode("utf-8")
- 2.compute a Base64 (not URL-safe) encoded SHA-256 hash of the compressed json formatdigest = hashlib.sha256(compact_http_payload).digest()b64_digest = base64.b64encode(digest).decode("utf-8")
Note:
- make sure your HTTP client sends the request with the json keys in the same order as in the payload used when computing the digest
Last modified 2yr ago