Authentication v2
This section is intended to describe authentication way to interact with SwiftFederation APIs.
1. Authorization Header and Format
- Authorization Header Definition
| Field | Description |
|---|---|
| signatureAlgorithm | Signature Algorithm. E.g. HMAC-SHA256 |
| accessKeyId | Access key id that is assigned to customer to call APIs. |
| signature | Signature is the string which is signed based on request headers, request path, request method, access key ID and request body with access key secret. Please refer to Signature Algorithm v2. |
- Authorization Header Format
Authorization:${signatureAlgorithm} ${accessKeyId}:${signature}
- Canonical header string
To create the canonical headers list, convert all header names to lowercase and remove leading spaces and trailing spaces. The following pseudocode describes how to construct the canonical list of headers:
CanonicalHeaders = ''
headers=()
headers.append('host')
for header in request.getHeaders():
if header.startwith('x-sfd-'):
headers.append(header)
for header in sort(lowercase(headers)):
CanonicalHeaders += lowercase(header) + ':' + request.getHeader(header) + '\n'
Build the canonical headers list by sorting the (lowercase) headers by character code and then iterating through the header names. Construct each header according to the following rules:
- Append the lowercase header name followed by a colon.
- Append a comma-separated list of values for that header. Do not sort the values in headers that have multiple values.
- Append a new line ('\n').
Note: You must include the host header at a minimum.
- Canonical signing string
The signing4104 string is assembled as below:
uppercase(${HTTPMethod})+"\n"+
${URI}+"\n"+
${CanonicalHeaders}+"\n"+
${accessKeyId}+ "\n"+
${requestBody}
Example Original headers
GET /v1.2/customer/1 HTTP/1.1
Host:base-api.swiftfederation.com
Authorization:HMAC-SHA256 V265i4K31j991E19:bc051d2e520a462e36455dc75b2bc68e9a135bbf4d2fefbf6d2fc1f28c5aa5dc
Content-Type:application/json; charset=utf-8
X-SFD-Date:20180926T131000Z
X-SFD-Nonce:69527
X-SFD-Signature-Version:2
X-SFD-FZone:SG
Example Canonical form request
GET\n
/v1.2/customer/1\n
host:base-api.swiftfederation.com\n
x-sfd-date:20180926T131000Z\n
x-sfd-fzone:SG\n
x-sfd-nonce:69527\n
x-sfd-signature-version:2\n
Note2: "\n" means 0x0A, LR.
Note3: Put request parameter in ${requestBody} to do signature when http request method is 'GET'.
- Generate Signature
Calculate signature of signing string by using HMAC-SHA256 algorithm with access key secret. And then use hex to encode signature to string.
byte[] signatureBytes = hmacSha256(${accessKeySecret}, ${signingString});
String signature = Hex.encodeHex(signatureBytes);
2. Example
2.1. Request Example
Assume that AccessKeyID is 6vE59B1z4p174N25 and AccessKeySecret is 28G5nC2zw143m25026n9H11PwNYs4576.
- Original Request
GET /v1.1/customer/1 HTTP/1.1
Host:base-api.swiftfederation.com
Content-Type:application/json; charset=utf-8
X-SFD-Signature-Version:2
X-SFD-Date:20190401T131000Z
X-SFD-Nonce:69527
- Calculate Populate signing string
"GET"+"\n"+"/v1.2/customer/1"+"\n"+"host:base-api.swiftfederation.com"+"\n"+"x-sfd-date:20180926T131000Z"+"\n"+"x-sfd-fzone:SG"+"\n"+"x-sfd-nonce:69527"+"\n"+"x-sfd-signature-version:2"+"\n"+""
=>
GET
/v1.2/customer/1
host:base-api.swiftfederation.com
x-sfd-date:20180926T131000Z
x-sfd-fzone:SG
x-sfd-nonce:69527
x-sfd-signature-version:2
- Calculate Signature
Signature=Hex.encodeHex(hmacSha256("28G5nC2zw143m25026n9H11PwNYs4576", "GET"+"\n"+"/v1.2/customer/1"+"\n"+"host:base-api.swiftfederation.com"+"\n"+"x-sfd-date:20180926T131000Z"+"\n"+"x-sfd-fzone:SG"+"\n"+"x-sfd-nonce:69527"+"\n"+"x-sfd-signature-version:2"+"\n"+""))
Signature=dc0e08bf6f6487c044d2f8388da0baf7a8eda7f506b1eeffaf59957ac86969f3
- Final Request
GET /v1.2/customer/1 HTTP/1.1
Host:base-api.swiftfederation.com
Authorization:HMAC-SHA256 6vE59B1z4p174N25:dc0e08bf6f6487c044d2f8388da0baf7a8eda7f506b1eeffaf59957ac86969f3
Content-Type:application/json; charset=utf-8
X-SFD-Date:20180926T131000Z
X-SFD-Nonce:69527
X-SFD-FZone:SG
X-SFD-Signature-Version:2