This API specification defines the sandbox utility service made available by SMBC Group in order to sign HTTP messages sent from clients as well as verifying that the message is signed by the TPP, using their private key. This can be verified using the eIDAS public certificate.
While the full set of mandatory fields in the Signature/headers field will vary by operation for production APIs, the common mandatory fields are as follows:
(request-target) - This is the request URI including any request parameters of the production endpoint, e.g., "POST /berlingroup/v1/payments/pain.001-sepa-credit-transfers".
date - The current date-time when the request is generated in the format defined in RFC 7231.
digest - SHA-256 hash of the request message payload.
Note that the sandbox utility service will not enforce Berlin Group interface semantics such as operation-specific mandatory fields to enable you to test both happy and unhappy paths.