Applying the digital signature when registering
Creating a production app using POST /register requires a digital signature. Refer to the example below for the correct format of the signature. The Sandbox Digital Signature Utility can be used to generate examples. The response body of the utility provides the workings towards the signature, including a copy of the signing string. The response headers provide the signature headers.
Important notes:
-
The Digest header should not have the 'SHA-256=' prefix. It is created using SHA256(requestBody) without base64-encoding.
-
The only accepted algorithm is rsa-sha256
Step | Action | Example |
1 | Use the Sandbox Digital Signature Utility |
Request Response Body { Response Headers Digest: 56418e3ac8ba9f00661ea4c754b490ad592efc1e7d0dd371cd6c562c91fa750b |
2 | Create a registration |
Nb: The Digest header does not begin with SHA-256=. It is created using SHA256(requestBody) without base64-encoding. Nb: The only accepted algorithm is rsa-sha256 Request Response |