Skip to main content

Dynamic Client Registration Service SMBC Group v1.0.1

Applying the digital signature when registering

Creating a production app using POST /register requires a digital signature. Refer to the example below for the correct format of the signature. The Sandbox Digital Signature Utility can be used to generate examples. The response body of the utility provides the workings towards the signature, including a copy of the signing string. The response headers provide the signature headers.

Important notes:

  • The Digest header should not have the 'SHA-256=' prefix. It is created using SHA256(requestBody) without base64-encoding.

  • The only accepted algorithm is rsa-sha256

Step Action Example
1 Use the Sandbox Digital Signature Utility

Request
curl --location --request POST 'https://api-sandbox.smbcdigital.com/crypto/v1/signature' \
--header 'smbc-headers: (request-target), date, digest' \
--header 'smbc-request-target: POST /client/v1/register' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'date: Thu, 11 Nov 2021 20:07:57 GMT' \
--header 'Authorization: Bearer {TPP Token}' \
--data-raw '{
"iss": "PSDGB-FCA-1234567890",
"client_name": "MockBank Production App",
"redirect_uris": [
"https://mymockbank.com/callback"
],
"contacts": [
"support@mymockbank.com"
]
}'

Response Body

{
    "SMBC-HTTP-Payload-HEX": "7B0A22697373223A202250534447422D4643412D31323334353637383930222C0A22636C69656E745F6E616D65223A20224D6F636B42616E6B2050726F64756374696F6E20417070222C0A2272656469726563745F75726973223A205B0A2268747470733A2F2F6D796D6F636B62616E6B2E636F6D2F63616C6C6261636B220A5D2C0A22636F6E7461637473223A205B0A22737570706F7274406D796D6F636B62616E6B2E636F6D220A5D0A7D",
    "SMBC_Normalised_Signing_String": "(request-target): POST /client/v1/register
date: Thu,
    11 Nov 2021 20: 07: 57 GMT
digest: SHA-256=56418e3ac8ba9f00661ea4c754b490ad592efc1e7d0dd371cd6c562c91fa750b",
            "SMBC_Normalised_Signing_String_HEX": "28726571756573742D746172676574293A20504F5354202F636C69656E742F76312F72656769737465720A646174653A205468752C203131204E6F7620323032312032303A30373A353720474D540A6469676573743A205348412D3235363D35363431386533616338626139663030363631656134633735346234393061643539326566633165376430646433373163643663353632633931666137353062",
    "SMBC_Normalised_Signing_String_SHA256": "4a9c89e95618ae7b282341463a6556807b12584109f8a22d225bb951065ef9c4",
    "SMBC_Signature_RSA_SHA256_Base64": "rjKeEqu30cxEIRBqE+cVYSz5VrX2SIgUuJIwqKz4py1rTuxfqkn7d0nufgFQ301NpUOwuzKFdY7yQdhxvwaffJTKNkwPdxxF+pdx8RV7h5/3sCDLY9/J59cJvgg7nlK3Rz7PEDZzsfpXt5DarE99wwM4gMOQuakDPE0zaq1KAQMHmzsBBmTTIJundb+YjYy5bggNcCLcqqt7xSSY8QMYo45zV4shPUfihYmJGsVIVpZtNIJU4EfsmoQ4ym3f5U7ikeXz2ycoh/Vc415XjPmsD4Y82EEMgeuF4p4fIZXt/9TohKAovOXLu2PmdCKwpH8oVgreCS3KNY9p3jXWHffDhw=="
}

Response Headers

Digest: 56418e3ac8ba9f00661ea4c754b490ad592efc1e7d0dd371cd6c562c91fa750b
Signature: keyId="7048BB5E00C0F426F8C474D178D2C44EDFB47259", algorithm="rsa-sha256", headers="(request-target) date digest", signature="rjKeEqu30cxEIRBqE+cVYSz5VrX2SIgUuJIwqKz4py1rTuxfqkn7d0nufgFQ301NpUOwuzKFdY7yQdhxvwaffJTKNkwPdxxF+pdx8RV7h5/3sCDLY9/J59cJvgg7nlK3Rz7PEDZzsfpXt5DarE99wwM4gMOQuakDPE0zaq1KAQMHmzsBBmTTIJundb+YjYy5bggNcCLcqqt7xSSY8QMYo45zV4shPUfihYmJGsVIVpZtNIJU4EfsmoQ4ym3f5U7ikeXz2ycoh/Vc415XjPmsD4Y82EEMgeuF4p4fIZXt/9TohKAovOXLu2PmdCKwpH8oVgreCS3KNY9p3jXWHffDhw=="
TPP-Signature-Certificate: -----BEGIN CERTIFICATE-----MIID3DCCAsSgAwIBAgIJANV8ysu4pVpIMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkdCMRMwEQYDVQQKDApHcmVlbiBCYW5rMRwwGgYDVQRhDBNQU0RHQi1GQ0EtODMzNDU1OTk5MRIwEAYDVQQDDAk4MzM0NTU5OTkwHhcNMTkxMjE4MTE0MjM2WhcNMzkxMjEzMTE0MjM2WjBUMQswCQYDVQQGEwJHQjETMBEGA1UECgwKR3JlZW4gQmFuazEcMBoGA1UEYQwTUFNER0ItRkNBLTgzMzQ1NTk5OTESMBAGA1UEAwwJODMzNDU1OTk5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtScuHxmluYLY1wg4k7/PRFKIirOkDp5x/c7fQP4Hzt633b623UTXNoeFJXNHv5WRgXusR7iuUDwMVIh3MP4331Kte+J+etnHGbs2DYNOlyJ1Pkuv7eTAgFiwQwBcT6jKz79UBv9WqwFhNYx7OZ7U66pxAXGmT7TDHKgCP2908UtxvZ8sue+qRieEDQ6TrHmoTrjmJcA0xHJEBk+GZX7TziNtSituNobAgnAwG3bFakuPEDIr63tF2rMQBOMo623WgCAbeHjtUrYRa5yHqKBaRy3xYg4bDmfJF6GpSFhiSqUmGtAamOm5K2xRREGLy/+LAdW6GuxbDJHKYVh4zMiWkQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU0E7+na1oVf6SCN6F3dvNKhfV3O4wfAYIKwYBBQUHAQMEcDBuMBMGBgQAjkYBBjAJBgcEAI5GAQYDMFcGBgQAgZgnAjBNMCYwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9BSQwbRmluYW5jaWFsIENvbmR1Y3QgQXV0aG9yaXR5DAZHQi1GQ0EwDQYJKoZIhvcNAQELBQADggEBAI1y5ZV9LwT+k0B3Q50AEjcbi3t9fdi0I1vLRjdcztY0fbjffU3UzyfKVMxPZxrT8plEZi9uFDzCpuI/Ybqn9MoYVTvarMQVfsEOZT6eSQ1lVYx0rmHOg41O2yhPX4ASpc/MDgPv6yaKWwgLcfYKiLqzk8v81Lnx0h1qJOJDdj6jAxpyTFCn76cvFUlov/jS3AP4mfBaP8mZhkr7jVJ1nWlu14++shuQBYx4Px/7/u/uObkqCuBGAyIEPfUTFrjjYdEWeAZDayOL3s5rLKvKNDA7hd7dmBehUIg+RJ6STX+6z9nlU5UTS35hSuEhTwS2rJaKR0n55Z4l/uhz4CTXoWw=-----END CERTIFICATE-----

2 Create a registration

Nb: The Digest header does not begin with SHA-256=. It is created using SHA256(requestBody) without base64-encoding.

Nb: The only accepted algorithm is rsa-sha256

Request
curl --location --request POST 'https://api-sandbox.smbcdigital.com/client/v1/register' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Digest: 56418e3ac8ba9f00661ea4c754b490ad592efc1e7d0dd371cd6c562c91fa750b' \
--header 'Signature: keyId="7048BB5E00C0F426F8C474D178D2C44EDFB47259", algorithm="rsa-sha256", headers="(request-target) date digest", signature="rjKeEqu30cxEIRBqE+cVYSz5VrX2SIgUuJIwqKz4py1rTuxfqkn7d0nufgFQ301NpUOwuzKFdY7yQdhxvwaffJTKNkwPdxxF+pdx8RV7h5/3sCDLY9/J59cJvgg7nlK3Rz7PEDZzsfpXt5DarE99wwM4gMOQuakDPE0zaq1KAQMHmzsBBmTTIJundb+YjYy5bggNcCLcqqt7xSSY8QMYo45zV4shPUfihYmJGsVIVpZtNIJU4EfsmoQ4ym3f5U7ikeXz2ycoh/Vc415XjPmsD4Y82EEMgeuF4p4fIZXt/9TohKAovOXLu2PmdCKwpH8oVgreCS3KNY9p3jXWHffDhw=="' \
--header 'TPP-Signature-Certificate: -----BEGIN CERTIFICATE-----MIID3DCCAsSgAwIBAgIJANV8ysu4pVpIMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkdCMRMwEQYDVQQKDApHcmVlbiBCYW5rMRwwGgYDVQRhDBNQU0RHQi1GQ0EtODMzNDU1OTk5MRIwEAYDVQQDDAk4MzM0NTU5OTkwHhcNMTkxMjE4MTE0MjM2WhcNMzkxMjEzMTE0MjM2WjBUMQswCQYDVQQGEwJHQjETMBEGA1UECgwKR3JlZW4gQmFuazEcMBoGA1UEYQwTUFNER0ItRkNBLTgzMzQ1NTk5OTESMBAGA1UEAwwJODMzNDU1OTk5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtScuHxmluYLY1wg4k7/PRFKIirOkDp5x/c7fQP4Hzt633b623UTXNoeFJXNHv5WRgXusR7iuUDwMVIh3MP4331Kte+J+etnHGbs2DYNOlyJ1Pkuv7eTAgFiwQwBcT6jKz79UBv9WqwFhNYx7OZ7U66pxAXGmT7TDHKgCP2908UtxvZ8sue+qRieEDQ6TrHmoTrjmJcA0xHJEBk+GZX7TziNtSituNobAgnAwG3bFakuPEDIr63tF2rMQBOMo623WgCAbeHjtUrYRa5yHqKBaRy3xYg4bDmfJF6GpSFhiSqUmGtAamOm5K2xRREGLy/+LAdW6GuxbDJHKYVh4zMiWkQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU0E7+na1oVf6SCN6F3dvNKhfV3O4wfAYIKwYBBQUHAQMEcDBuMBMGBgQAjkYBBjAJBgcEAI5GAQYDMFcGBgQAgZgnAjBNMCYwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9BSQwbRmluYW5jaWFsIENvbmR1Y3QgQXV0aG9yaXR5DAZHQi1GQ0EwDQYJKoZIhvcNAQELBQADggEBAI1y5ZV9LwT+k0B3Q50AEjcbi3t9fdi0I1vLRjdcztY0fbjffU3UzyfKVMxPZxrT8plEZi9uFDzCpuI/Ybqn9MoYVTvarMQVfsEOZT6eSQ1lVYx0rmHOg41O2yhPX4ASpc/MDgPv6yaKWwgLcfYKiLqzk8v81Lnx0h1qJOJDdj6jAxpyTFCn76cvFUlov/jS3AP4mfBaP8mZhkr7jVJ1nWlu14++shuQBYx4Px/7/u/uObkqCuBGAyIEPfUTFrjjYdEWeAZDayOL3s5rLKvKNDA7hd7dmBehUIg+RJ6STX+6z9nlU5UTS35hSuEhTwS2rJaKR0n55Z4l/uhz4CTXoWw=-----END CERTIFICATE-----' \
--header 'Date: Thu, 11 Nov 2021 20:07:57 GMT' \
--data-raw '{
"iss": "PSDGB-FCA-1234567890",
"client_name": "MockBank Production App",
"redirect_uris": [
"https://mymockbank.com/callback"
],
"contacts": [
"support@mymockbank.com"
]
}'

Response
{
    "iss": "PSDGB-FCA-1234567890",
    "client_name": "MockBank Production App",
    "redirect_uris": [
        "https://mymockbank.com/callback"
    ],
    "contacts": [
        "support@mymockbank.com"
    ],
    "client_id": "PSDGB-FCA-1234567890",
    "client_secret": "ac1ac770-d146-4f52-aa95-ddc6f228d053",
    "client_secret_expires_at": 0
}

 

Need help?

Check our FAQs for common queries, otherwise please get in touch with our API support team to discuss your on-boarding.