Finqware API
Search
K
Comment on page

Computing the digest

Guideline for generating the message digest
The signed Authorization header includes, among other claims, a sha256 digest of the HTTP request (note: the Finqware API only uses POST application/json requests similar to a GraphQL API).

Steps

  1. 1.
    take the json payload and compress it to a single-line json without any whitespaces
    • make sure you do not remove any useful whitespaces (eg: from a debtor name when submitting a payment)
    • it is recommended to use a standard json library to do that instead of your own regex
      #
      # Python example
      #
      http_payload = {
      "client_id": "51e2389....02d51",
      "client_app_key": "MDAxNmxvY2F0aWMz...D9rgv7_DySaiYgo",
      "skill": "bt_ro_aisp_sbx_#2.0"
      }
      # a compact stringified json without any whitespaces
      compact_http_payload = json.dumps(http_payload, separators=(',', ':')).encode("utf-8")
  2. 2.
    compute a Base64 (not URL-safe) encoded SHA-256 hash of the compressed json format
    digest = hashlib.sha256(compact_http_payload).digest()
    b64_digest = base64.b64encode(digest).decode("utf-8")
Note:
  • make sure your HTTP client sends the request with the json keys in the same order as in the payload used when computing the digest
Previous
RS256 infrastructure
Next
Signing HTTP requests
Last modified 2yr ago