Skip to main content

Sandbox Digital Signature Utility SMBC Group v1.0

About this service

This API specification defines the sandbox utility service made available by SMBC Group in order to sign HTTP messages sent from clients as well as verifying that the message is signed by the TPP, using their private key. This can be verified using the eIDAS public certificate.

While the full set of mandatory fields in the Signature/headers field will vary by operation for production APIs, the common mandatory fields are as follows:

  • (request-target) - This is the request URI including any request parameters of the production endpoint, e.g., "POST /berlingroup/v1/payments/pain.001-sepa-credit-transfers".
  • date - The current date-time when the request is generated in the format defined in RFC 7231.
  • digest - SHA-256 hash of the request message payload.

Note that the sandbox utility service will not enforce Berlin Group interface semantics such as operation-specific mandatory fields to enable you to test both happy and unhappy paths.

Signing HTTP Messages specification by Cavage/Sporny (draft 12)


Visit the Digital Signature Tutorial page to try it out.

Need help?

Check our FAQs for common queries, otherwise please get in touch with our API support team to discuss your on-boarding.