Recent Revisions to This Document

About This Guide

Introduction to REST
- Secure Communication Requirements
- REST Set-Up Workflow

Registering for a Sandbox Account

Creating a P12 Certificate
- Creating a P12 Certificate
- Testing the Shared Secret Key Pair
- Extracting the Private Key from the PKCS12 Certificate

Creating a Shared Secret Key Pair
- Creating a Shared Secret Key Pair
- Testing the Shared Secret Key Pair

Constructing Messages Using JSON Web Tokens
- Generate a Hash of the Message Body
- Generate a Hash of the Claim Set
- Generate a Hash of the Token Header
- Generate a Token Signature
- Generate a JSON Web Token

Constructing Messages Using HTTP Signature Security
- Generating a Hash of the Message Body
- Generate the Signature Hash
- Updating Header Fields

Enabling Message-Level Encryption
- Message-Level Encryption Using JSON Web Tokens
- Message-Level Encryption Using HTTP Signature Authentication

Going Live
- Creating a Merchant ID
- Activating your Merchant ID

On This Page

Constructing Messages Using HTTP Signature Security

HTTP signatures use a digital signature to enable the receiver to validate the sender's authenticity and ensure that the message was not tampered with during transit. For more information on HTTP signatures, see the IETF Draft: HTTP Message Signatures.

Follow these steps to implement HTTP signatures:

Create a shared secret key pair.

Creating a Shared Secret Key Pair

Generate a hash of the message body.

Generating a Hash of the Message Body

Generate a signature hash.

Generate the Signature Hash

Populate the

signature

header field.

Updating Header Fields