Computing the digest
Guideline for generating the message digest
The signed Authorization header includes, among other claims, a sha256 digest of the HTTP request (note: the Finqware API only uses POST application/json requests similar to a GraphQL API).
Steps
take the json payload and compress it to a single-line json without any whitespaces
make sure you do not remove any useful whitespaces (eg: from a debtor name when submitting a payment)
it is recommended to use a standard json library to do that instead of your own regex
# # Python example # http_payload = { "client_id": "51e2389....02d51", "client_app_key": "MDAxNmxvY2F0aWMz...D9rgv7_DySaiYgo", "skill": "bt_ro_aisp_sbx_#2.0" } # a compact stringified json without any whitespaces compact_http_payload = json.dumps(http_payload, separators=(',', ':')).encode("utf-8")
compute a Base64 (not URL-safe) encoded SHA-256 hash of the compressed json format
digest = hashlib.sha256(compact_http_payload).digest() b64_digest = base64.b64encode(digest).decode("utf-8")
Note:
make sure your HTTP client sends the request with the json keys in the same order as in the payload used when computing the digest
Last updated