Security signatures

Request signature authentication is the process of creating an encrypted token to a set of request parameters and their values.

Provider gets API-key and secret-key for both environments (development and production).
Provider should sign each request to MoneyMade Connect OAuth API via request-signature header.

Payload signature generation

1. Dump payload to JSON string.
   Example: '{"accessToken":"token"}'

2. Encode JSON string to base64.
   Example: eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=

3. Concat the AP- key with payload by formula:
   publicKey + payload + publicKey
   Example (for publicKey = 123): 123eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=123

4. Create hmac using sha256 alrogithm and secret-key as encription key.
   Note: hmac digest should be hex.
   Example (for secretKey = 123): d5eefd4d42e486f5aafdf056b0167cb05466edd05754823e01b6e80f74bba1b3