Request signature authentication is the process of creating an encrypted token to a set of request parameters and their values.

Provider gets API-key and secret-key for both environments (development and production).
Provider should sign each request to MoneyMade Connect OAuth API via request-signature header.

Payload signature generation

  1. Dump payload to JSON string.
    Example: '{"accessToken":"token"}'

  2. Encode JSON string to base64.
    Example: eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=

  3. Concat the AP- key with payload by formula:
    publicKey + payload + publicKey
    Example (for publicKey = 123): 123eyJhY2Nlc3NUb2tlbiI6InRva2VuIn0=123

  4. Create hmac using sha256 alrogithm and secret-key as encription key.
    Note: hmac digest should be hex.
    Example (for secretKey = 123): d5eefd4d42e486f5aafdf056b0167cb05466edd05754823e01b6e80f74bba1b3