Discussions

Ask a Question
Back to All

Authorisation fails

Hello,
we are trying to authorise against the staging environment following the guide in the API documentation with a generated keyId but we constantly get the public role back, meaning the authorisation failed:

{"authentication_key":{"role":"PUBLIC"}, "status_code": 200}

The authorisation is done through a python script which i attached below. I tried different body formatting because apparently the digest always turns out different and also not as expected as in the provided digest checker.

import hashlib
import base64
import json
import requests
from datetime import datetime
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding

# Setup
AUTH_HOST = "staging.authservices.satispay.com"
KEY_ID = "XXX"

# Body format 1
body = {
    "flow": "MATCH_CODE",
    "amount_unit": 100,
    "currency": "EUR"
}
body = json.dumps(body)

# Body format 2
# body2 = "{\n \"flow\": \"MATCH_CODE\",\n \"amount_unit\": 100,\n \"currency\": \"EUR\"\n}"

# Body format 3
# body3 = '''
# {
#   "flow": "MATCH_CODE",
#   "amount_unit": 100,
#   "currency": "EUR"
# }
# '''

# Create a digest of the body
digest = base64.b64encode(hashlib.sha256(body.encode("utf-8")).digest()).decode()
digest = f"SHA-256={digest}"
print(digest)

# Create string for signing
now = datetime.strftime(datetime.utcnow(), "%a, %d %b %Y %H:%M:%S +0000")
print(now)

string = f"(request-target): post /wally-services/protocol/tests/signature\nhost: {AUTH_HOST}\n" \
         f"date: {now}\ndigest: {digest}"

# Same thing
# string2 = f'''(request-target): post /wally-services/protocol/tests/signature
# host: staging.authservices.satispay.com
# date: {now}
# digest: {digest}'''

# Sign the string
key_path = "/PATH/TO/PRIVATE/KEY"

with open(key_path, "rb") as key_file: # Load the private key from a PEM file
    private_key = serialization.load_pem_private_key(
        key_file.read(),
        password=None  # Replace with the password if the key is encrypted
    )

signature = private_key.sign(
    string.encode("utf-8"),
    padding.PKCS1v15(),
    hashes.SHA256()
)

# Convert the signature to Base64 format
signature_b64 = base64.b64encode(signature).decode()

# Create Authorisation header
authorisation_header = f'Signature keyId="{KEY_ID}", ' \
                       f'algorithm="rsa-sha256", ' \
                       f'headers="(request-target) host date digest", ' \
                       f'signature="{signature_b64}"'

# Compose all headers
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    "host": AUTH_HOST,
    "date": now,
    "digest": digest,
    "authorisation": authorisation_header,
}

resp = requests.post(
    "https://staging.authservices.satispay.com/wally-services/protocol/tests/signature",
    headers=headers, data=body
)

print(resp.text)
print(resp.status_code)

#YIELDS THE FOLLOWING
#{"authentication_key":{"role":"PUBLIC"}}
#200

What are we doing wrong or did we oversee something? Can you please provide some help?