Computing the digest

Guideline for generating the message digest

The signed Authorization header includes, among other claims, a sha256 digest of the HTTP request (note: the Finqware API only uses POST application/json requests similar to a GraphQL API).
Steps
1.take the json payload and compress it to a single-line json without any whitespaces
make sure you do not remove any useful whitespaces (eg: from a debtor name when submitting a payment)
it is recommended to use a standard json library to do that instead of your own regex
#
# Python example
#
​
http_payload = {
  "client_id": "51e2389....02d51",
  "client_app_key": "MDAxNmxvY2F0aWMz...D9rgv7_DySaiYgo", 
  "skill": "bt_ro_aisp_sbx_#2.0"
}
​
# a compact stringified json without any whitespaces 
compact_http_payload = json.dumps(http_payload, separators=(',', ':')).encode("utf-8")
2.compute a Base64 (not URL-safe) encoded SHA-256 hash of the compressed json format
digest = hashlib.sha256(compact_http_payload).digest()
b64_digest = base64.b64encode(digest).decode("utf-8")
Note:
make sure your HTTP client sends the request with the json keys in the same order as in the payload used when computing the digest

RS256 infrastructure

Signing HTTP requests

Last modified 1yr ago