| title | order |
|---|---|
Creating your Digital Signature |
4 |
We use a Digital Signature to ensure that the integrity of a request body (sent to us) is maintained. The whole HTTP request body (in its original format) is used to create a Digital Signature, as it is specific to the body of each request.
We use the following specifications to create a Digital Signature:
- Raw Message Encoding: UTF-8
- Message digest algorithm: SHA-256
- Signing algorithm: RSA
- Padding: PKCS#1 v1.5
- Digital Signature Encoding: Base64
Follow these steps to create a Digital Signature:
- UTF-8 encode the exact request body that will be sent to our institution api (any differences e.g., addition/removal of spaces will result in a totally different Digital Signature)
- Hash the encoded value using SHA-256
- Request a Digital Signature for that hash value from your Hardware Security Module (HSM)*
- The output is the Message Digital Signature
- Send the Base64 encoded string representation of the digital signature in the HTTP header DigitalSignature for all requests that have a request body
*In the simulation environment, these operations can be undertaken using Open Source solutions.
For additional help with creating your authentication profile and Digital Signature, please refer to the following examples on the ClearBank GitHub repository:
- C# example for ClearBank® API and Webhooks
- Postman Collections for invoking the ClearBank® API
- C# example for signing ClearBank® API requests
- Python example for signing ClearBank® API requests
- Java example for signing ClearBank® API requests
Please note that the code in these examples is not production ready and has been simplified for brevity.