Upgrading Signatures v6 to v15
In this section we introduce you to the features of Signatures v15 and what you need to consider when upgrading from v6 to this version.
v15 changes
Signing version header
To be able to make requests with v15 of the signing, you must add a special version header.
Example
upvest-signature-version: 15
HTTP request body digest
and content-digest
In v15 of signing, the component digest
has been deprecated and replaced by the component content-digest
.
Follow these steps to calculate content-digest
:
Capture the entire byte stream of the request body.
Calculate the SHA-512 hash of the body content.
Encode the resulting value using Base64 encoding.
Add a request header named
content-digest
with the following value:sha-512=:{digest value}:
, where{digest value}
is replaced by the result of the previous step. Please note that{digest value}
is enclosed in colons (:
).
Example
Request body | Content length | content-digest header value |
---|---|---|
{"hello": "world"} | 18 | "sha-512=:WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==: |
{"key": "value"} | 16 | sha-512=:Hd9/AvGZkbjitW1+Ml8Fg1ux1mtcDYe6mLQjDyoowIWa3LM/PmwN2v9O+MjtQGrCA3EQWUL54dlgxKHyYbrucw==: |
Calculating the signature components
In V15 of signing, signature components keys should be quoted in the signature base string:
Example for V15
"@method": POST
"@path": /endpoint
"@query": ?a=b
"accept": application/json
"authorization": Bearer access-token
"content-length": 16
"content-type": application/json
"content-digest": sha-512=:Hd9/AvGZkbjitW1+Ml8Fg1ux1mtcDYe6mLQjDyoowIWa3LM/PmwN2v9O+MjtQGrCA3EQWUL54dlgxKHyYbrucw==:
"idempotency-key": 2133825797664cad
"upvest-client-id": 5ec16164-6173-461d-b90d-116d68f55b40
Next steps
In the tutorial 'Implementing HTTP signatures v15' you can find the detailed description.