Request signature authentication is the process of deriving a keyed token (a signature) from a set of request parameters and their values.
The provider receives an API-key and a secret-key for each environment (development and production).
The provider should sign each request to the MoneyMade Connect OAuth API via the request-signature header.
Payload signature generation
- Dump the payload to a JSON string.
  Example: '{"accessToken":"token"}'
- Encode the JSON string to base64.
  Example: eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=
- Concatenate the API-key with the payload by the formula:
  publicKey + payload + publicKey
  Example (for publicKey = 123): 123eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=123
- Create an HMAC using the sha256 algorithm with the secret-key as the key.
  Note: the hmac digest should be hex.
  Example (for secretKey = 123): d5eefd4d42e486f5aafdf056b0167cb05466edd05754823e01b6e80f74bba1b3
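
The steps above as an added Python example (not MoneyMade's own code), using the page's sample payload and keys. The `verify` function and its constant-time comparison are an assumption about the receiving side, which the page does not describe.

```python
import base64
import hashlib
import hmac
import json


def encode_payload(payload: dict) -> str:
    # Compact separators are required to match the page's example JSON:
    # Python's default json.dumps would emit '{"accessToken": "token"}'
    # (with a space), which yields a different base64 string and digest.
    raw = json.dumps(payload, separators=(",", ":"))
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def signing_string(public_key: str, encoded_payload: str) -> str:
    # publicKey + payload + publicKey, as given by the page's formula.
    return public_key + encoded_payload + public_key


def sign(public_key: str, secret_key: str, payload: dict) -> str:
    # HMAC-SHA256 keyed with the secret-key, returned as a hex digest.
    message = signing_string(public_key, encode_payload(payload))
    return hmac.new(secret_key.encode("utf-8"),
                    message.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify(public_key: str, secret_key: str, payload: dict,
           received_signature: str) -> bool:
    # Assumed receiver-side check (hypothetical, not from the page):
    # recompute the digest and compare in constant time so the comparison
    # does not reveal how many leading characters matched.
    expected = sign(public_key, secret_key, payload)
    return hmac.compare_digest(expected.encode("utf-8"),
                               received_signature.encode("utf-8"))


if __name__ == "__main__":
    # Sample values taken from the page's examples.
    body = {"accessToken": "token"}
    signature = sign("123", "123", body)
    print({"request-signature": signature})
    print("verifies:", verify("123", "123", body, signature))
```

Both sides must serialize the payload identically (key order and whitespace); any difference in the JSON string changes the base64 text and therefore the digest.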