Discussions
Authentication failing
Hello,
I have some issues with authentication. Getting 403 Forbidden.
First of all: I checked with the online tools and both the digest and the signed string are correct. Below the data:
Body: {"flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR"}
Digest: SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4=
Signed String: lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=
Authorization header: Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M="
I am using .NET Core 3.1 libraries, so I cannot take the ready-made PHP SDK.
I managed to capture the request data using Postman as a proxy, and here is what I am sending to your servers:
content-length:63
content-type:application/json; charset=utf-8
host:authservices.satispay.com
date:lun, 04 mag 2020 16:36:57 +0000
digest:SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4=
authorization:Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M="
Any clues as where the issue could be? I already (successfully) got 5 or 6 Key_Ids, but changing them seems to bring no luck.
Any additional help would be appreciated.
Thanks
Stefano