DataFlex
DataFlex
Ibanity HTTP Signature for XS2A, Isabel Connect, Ponto Connect
See more Ibanity Examples
Demonstrates how to add a Signature header for Ibanity HTTP requests.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoJson
String sPayload
Handle hoDtNow
String sCreated
Handle hoCrypt
Handle hoSbDigestHdrValue
String sRequest_target
Handle hoSbSigningString
String sIdempotencyKey
String sSigned_headers_list
Variant vPrivKey
Handle hoPrivKey
Handle hoRsa
String sSigBase64
Handle hoSbSigHeaderValue
String sTemp1
Boolean bTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// In order to sign your HTTP requests, you have to add 2 headers to the HTTP request: Digest: the digest of the request payload and Signature: the actual signature of the request.
// POST /xs2a/customer-access-tokens HTTP/1.1
// Host: api.ibanity.com
// Content-Type: application/json
// Digest: SHA-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
// Ibanity-Idempotency-Key: 61f02718-eeee-46e1-b5eb-e8fd6e799c2d
// Signature: keyId="62f02718-eeee-46e1-b5eb-e8fd6e799c2e",created=1599659223,algorithm="hs2019",headers="(request-target) host digest (created) ibanity-idempotency-key",signature="SjWJWbWN7i0...zsbM="
//
// {"data":{"type":"customerAccessToken", "attributes":{"applicationCustomerReference":"15874569"}}}
// The payload (body) of the above HTTP request is the JSON.
// Build the JSON above.
// Use this online tool to generate code from sample JSON:
// Generate Code to Create JSON
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get ComUpdateString Of hoJson "data.type" "customerAccessToken" To iSuccess
Get ComUpdateString Of hoJson "data.attributes.applicationCustomerReference" "15874569" To iSuccess
Get ComEmit Of hoJson To sPayload
Showln "payload = " sPayload
// Step 1: Build the (created) virtual header
Get Create (RefClass(cComCkDateTime)) To hoDtNow
If (Not(IsComObjectCreated(hoDtNow))) Begin
Send CreateComObject of hoDtNow
End
Get ComSetFromCurrentSystemTime Of hoDtNow To iSuccess
Get ComGetAsUnixTimeStr Of hoDtNow False To sCreated
Showln "created = " sCreated
// Step 2: Build the Digest header
Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
If (Not(IsComObjectCreated(hoCrypt))) Begin
Send CreateComObject of hoCrypt
End
Set ComHashAlgorithm Of hoCrypt To "sha512"
Set ComEncodingMode Of hoCrypt To "base64"
Set ComCharset Of hoCrypt To "utf-8"
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbDigestHdrValue
If (Not(IsComObjectCreated(hoSbDigestHdrValue))) Begin
Send CreateComObject of hoSbDigestHdrValue
End
Get ComAppend Of hoSbDigestHdrValue "SHA-512=" To iSuccess
Get ComHashStringENC Of hoCrypt (ComEmit(hoJson)) To sTemp1
Get ComAppend Of hoSbDigestHdrValue sTemp1 To iSuccess
Get ComGetAsString Of hoSbDigestHdrValue To sTemp1
Showln sTemp1
// Step 3: Build the (request target) virtual header
// In order to build the signature you will need a virtual header named (request-target) (the parentheses are important).
// The (request-target) is the string concatenation of the HTTP method (in lowercase) with the path and query parameters.
Move "post /xs2a/customer-access-tokens" To sRequest_target
// Step 4: Build the signing string
// The signing string is the concatenation of the signed header names (in lowercase) and values separated by a LF.
// You must always sign the following headers: (request-target), host, (created), digest.
// If used, you must also sign the authorization header and any ibanity-* headers, such as ibanity-idempotency-key.
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigningString
If (Not(IsComObjectCreated(hoSbSigningString))) Begin
Send CreateComObject of hoSbSigningString
End
Get ComAppend Of hoSbSigningString "(request-target): " To iSuccess
Get ComAppendLine Of hoSbSigningString sRequest_target False To iSuccess
Get ComAppend Of hoSbSigningString "host: " To iSuccess
Get ComAppendLine Of hoSbSigningString "api.ibanity.com" False To iSuccess
Get ComAppend Of hoSbSigningString "digest: " To iSuccess
Get ComGetAsString Of hoSbDigestHdrValue To sTemp1
Get ComAppendLine Of hoSbSigningString sTemp1 False To iSuccess
Get ComAppend Of hoSbSigningString "(created): " To iSuccess
Get ComAppendLine Of hoSbSigningString sCreated False To iSuccess
Get ComAppend Of hoSbSigningString "ibanity-idempotency-key: " To iSuccess
Get ComGenerateUuid Of hoCrypt To sIdempotencyKey
Get ComAppend Of hoSbSigningString sIdempotencyKey To iSuccess
// Step 5: Build the signed headers list
// To allow Ibanity to check the signed headers, you must provide a list of the header names. They should be lowercase and in the same order used to create the signing string.
Move "(request-target) host digest (created) ibanity-idempotency-key" To sSigned_headers_list
// Step 6: Build the Signature header
// This is where the real signing happens. The signature header is a combination of several sub-headers -
//
// keyId: the identifier for the application's signature certificate, obtained from the Developer Portal
// algorithm: the digital signature algorithm used to generate the signature (must be hs2019)
// headers: The list of HTTP headers created in step 5
// signature: the Base64-encoded digital signature of the signing string created in step 4.
Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
If (Not(IsComObjectCreated(hoPrivKey))) Begin
Send CreateComObject of hoPrivKey
End
Get ComLoadEncryptedPemFile Of hoPrivKey "my_ibanity_signature_private_key.pem" "pem_password" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPrivKey To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatRsa)) To hoRsa
If (Not(IsComObjectCreated(hoRsa))) Begin
Send CreateComObject of hoRsa
End
Set ComPssSaltLen Of hoRsa To 32
Set ComEncodingMode Of hoRsa To "base64"
// Use the RSASSA-PSS signature algorithm
Set ComPkcsPadding Of hoRsa To False
Get pvComObject of hoPrivKey to vPrivKey
Get ComUsePrivateKey Of hoRsa vPrivKey To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoRsa To sTemp1
Showln sTemp1
Procedure_Return
End
// Sign the signing string.
Get ComGetAsString Of hoSbSigningString To sTemp1
Get ComSignStringENC Of hoRsa sTemp1 "sha-256" To sSigBase64
Get ComLastMethodSuccess Of hoRsa To bTemp1
If (bTemp1 = False) Begin
Get ComLastErrorText Of hoRsa To sTemp1
Showln sTemp1
Procedure_Return
End
// Build the signature header value.
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigHeaderValue
If (Not(IsComObjectCreated(hoSbSigHeaderValue))) Begin
Send CreateComObject of hoSbSigHeaderValue
End
Get ComAppend Of hoSbSigHeaderValue 'keyId="' To iSuccess
// Use your identifier for the application's signature certificate, obtained from the Developer Portal
Get ComAppend Of hoSbSigHeaderValue "62f02718-eeee-46e1-b5eb-e8fd6e799c2e" To iSuccess
Get ComAppend Of hoSbSigHeaderValue '",created=' To iSuccess
Get ComAppend Of hoSbSigHeaderValue sCreated To iSuccess
Get ComAppend Of hoSbSigHeaderValue ',algorithm="hs2019",headers="' To iSuccess
Get ComAppend Of hoSbSigHeaderValue sSigned_headers_list To iSuccess
Get ComAppend Of hoSbSigHeaderValue '",signature="' To iSuccess
Get ComAppend Of hoSbSigHeaderValue sSigBase64 To iSuccess
Get ComAppend Of hoSbSigHeaderValue '"' To iSuccess
Get ComGetAsString Of hoSbSigHeaderValue To sTemp1
Showln sTemp1
End_Procedure