Discussions

good morning, I'm unsuccessfully trying the pre_authorized_payment_tokens call. I continue to answer 403. I'm generating the keys directly from your site, linking one like body: { "reason": "Monthly payment", "Callback_url": "https://mysite.com/callbacks/{uuid }" }. The result is 4p4IkKXsOziHP5bWNdh / e73499HvYhcQFUnWZ / WbJC4 =. And this string for the signature (request-target): post /g_business/v1/pre_authorized_payment_tokens host: staging.authservices.satispay.com date: ven, 18 ott 2019 14:43:51 +0000 digest: 4p4IkKXsOziHP5bWNdh/e73499HvYhcQFUnWZ/WbJC4=. Both of them generate links provided by you. But the answer is always Forbidden. I use a sandbox account.

Hello, I have some issues with authentication. Getting 403 Forbidden. First of all: I checked with the online tools and both the digest and the signed string are correct. Below the data: Body: {"flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR"} Digest: SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4= Signed String: lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M= Authorization header: Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=" I am using .NET Core 3.1 libraries, so I cannot take the ready-made PHP SDK. I managed to capture the request data using Postman as a proxy, and here is what I am sending to your servers: content-length:63 content-type:application/json; charset=utf-8 host:authservices.satispay.com date:lun, 04 mag 2020 16:36:57 +0000 digest:SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4= authorization:Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=" Any clues as where the issue could be? I already (successfully) got 5 or 6 Key_Ids, but changing them seems to bring no luck. Any additional help would be appreciated. Thanks Stefano

Dear support, I'm trying to perform a call for create a payment. Following the documentation and the other tools I've this request: METHOD : POST URL : https://staging.authservices.satispay.com/g_business/v1/payments HEADERS : Content-Type : application/json host : staging.authservices.satispay.com date : Wen, 19 Mar 2020 16:10:24 +0000 digest : H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM= Authorization : Signature keyId="r95udmo9oo2tbt9q9j3gm5gekao2tbo0ph5pjpd686dp5dcrtb61d7hn0tm7jh3l1r5si4oqh1t31sbeo1urgt893v5063eningek5eird7fc9c30iqq7ai878f5o1bha6u8bso5p5i009b0dqnkeclt5grng17mfv5032h4nus2jib2oe3qluc4nkahr5m71fl1bp3e", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="Yosf2ekIXU7GWpK88jWstJuLp1xTmVSA9toIAYPGydYjgKDY3U9LnLzQc6UoerevUmY8O+nSawp/38HunFag+fHOff+NI8A6VVJLCcFSlgL9Ja4JQerue8UQ4+gOfRrWqA918U9/6ERrUWX6ezeqnuci2EnET5L0hM3N7GWlvmWO5mm3S1dSC0wueKRqWn3gU+XH9tEb5wsk/Zltrj/H2PY/Mf0h7V2RkH3XBJcZMhPVcLC/5+mcKTFbjtbG9hotq8lksiPnj0eCKvXrLfNeZlgVLcdDDSfwcz7MC168inScmQKP7OpvRklxl92/buPFEVbAMGpGXk6JnKYWZzujz2EIHQlQtwPE7Xv8fQogdBPBeTegasADzeCYvGIJpcN+2NJoqnCzUTky+Um73rvJwP0cL5mSySZi2qMwhtnWZnq+SWB+QVCuICi23F6P2+n36/CkuHde72q4f5hL0XA77duYR7PXajbNyM39CsC6mLzzLr5CGYsXz23LKv1U9GqT4uuqxg3jKm08YINhu6XBYod4LkeJjB1bbaShrZoqOE5UODhySwtwTWJjG/6Pagyeijr27sRyhsYlS0mb9UmAjT2HG66/K79EHtt40lIAuZYJMiItsj/hbOV76fCoGVBVfmB25utG3S8kEHW39i9fcEcp3Xi0nVfLHfeNPi1es38=" The digest was generated from the following body: { "flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR", "description": "my_description", "callback_url": "https://myServer.com/myCallbackUrl?payment_id={uuid}", "metadata": { "order_id": "my_order_id", "user":"my_user_id", "payment_id":"my_payment", "session_id":"my_session", "key": "value" } } With the tool. Also the signature was generated with the tool from the following (and the generated private key): (request-target): post /wally-services/protocol/tests/signature host: staging.authservices.satispay.com date: Mon, 18 Mar 2019 15:10:24 +0000 digest: SHA-256=H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM= But the response is : { "code": 45, "message": "Forbidden", "wlt": "iZt3QxnY" } Can you help me? Thanks

I received this error: { "code": 45, "message": "Forbidden", "wlt": "nHAGj0PP" } I use Activation codes for Authentication and public key type sha256.

Hello, we are integrating the Web-button - pre-authorization FLOW (https://developers.satispay.com/docs/web-button-auth) When creating the button, while display the qrcode, after confirm the authorization on mobile app, the web button remains in state "La richiesta è stata accettata Attendi qualche secondo..." and in browser console I see this error: Error: Missing payment details web-button.ts:151:23 ioInitializeStandardWebButton web-button.ts:151 fromOption pipeable.js:162 pipe pipeable.js:13 ts web-button.ts:149 Webpack 3 __webpack_require__ As we are integrating the preauthorization flow, what payment details does expect the web button widget?

Hello, i created a business Sandbox account, created an app with associated account, made the rest api with clientId and secret and obtained the access_token. The problem is: - is it necessary? - why https://authservices.satispay.com/g_business/v1/authentication_keys doesn't work?

Hello, I always receive an authentication failed response (role=public). Here is the full code $keyId = 'qr00fekd2ld3kaqjrli7c01jmdmnq57tngni3qldaq1qtipk2da2ddi15d4huci6n21t2cohb8gcb5ei007cea1b4g4rktmn9iq42v2r463i831kj7qlici5oo1gc886ph0e8757bcf15b6gpll266a4a7fic769gd7dfsnj2gdnp3qgj86um742be7ctmmajj9d4gb9'; $post = [ 'flow' => 'MATCH_CODE', 'amount_unit' => '100', 'currency' => 'EUR', 'callback_url' => 'https://myServer.com/myCallbackUrl?payment_id={uuid}', 'metadata' => array("order_id" => "my_order_id", "user" => "10", "payment_id" => "PPP12345" ), ]; $reqDate = 'Tue, 28 Apr 20 10:18:42 +0000';// gmdate(DATE_RFC822); $digest = base64_encode(hash("sha256", json_encode($post), true)); //GENERATED DIGEST IS mI0YGicSLEGMd5/XQcexSVOLL7pbM4XXmXoX0spADsI= $string = "(request-target): post /wally-services/protocol/tests/signature\n host: staging.authservices.satispay.com\n date: $reqDate\n digest: SHA-256=$digest"; $pkey = openssl_pkey_get_private(file_get_contents($path.'/private.pem')); openssl_sign($string, $signatureRaw, $pkey, OPENSSL_ALGO_SHA256); $signature = base64_encode($signatureRaw); // GENERATED SIGNATURE IS QJ8eCV9RbyiXttn8gDMBk/LNc771wvg56vKpP5bU5C9UPQWWo/zuygJ6i5nobCp0EPoh7jgBhd9q9hvwxtW9HqXsUe3RWZOZWSKVGLuZLSFCeRy3dECFedtJRxclTbvDxe7uB14+Iprv8ALUR0Vp/04k0ZAWJ18Fw9jRn0ojSPO2GaZHKUlj5vjELLwVQHMevz76RlKyh1VK/IFznuGjrgxJV1TJEJSxsbE63I88RBslPetZD9iBhGx/nqK/dCa7QTpjiTrJyS+46rSRi8no0rSTLwx+b29LIh2eXSsnihM6vY/kIe65faUFySUp3iYlApKf3Mp3lrvXp6IeZa8TI2qz/pxH7jp2DTJUDEdab/x9qlz4zljwKpbwGJ7iSlJ2K6Bh/bNO5A1GUEgBdWvCSBd4e9fu8LTYCIG3VImpHDrTXY5/bY3LBcaIW9QsK00lK52gwOK93djAz/DXUeD0omjnRJnymQQ9ta0HS+ts06VdB2WzjwfmDRcB704nGGIqz4nWxRyQKmfj+zZf3rFc5j3cXtNUD/aMvKvc7Rd8tZJMJpFZBZQQUdm8HsauHfHmPEJMout9EKvDC1x0vCS+vW6j8zDydGxvNoP0v7Db9p38Tm03jgPo9dNqV6g3G9CmjXhJosXxsXGRpphVQkRWtCK3AFS7LJwcFABgAi6E4bg= $authorizationHeader = "Signature keyId=\"$keyId\", algorithm=\"rsa-sha256\", headers=\"(request-target) host date digest\", signature=\"$signature\""; openssl_free_key($pkey); // Test the Authentication $url = 'https://staging.authservices.satispay.com/wally-services/protocol/tests/signature'; $ch = curl_init($url); $customHeaders = array( 'host: staging.authservices.satispay.com', 'Content-Type: application/json', 'Accept: application/json', 'date: ' . $reqDate, 'digest: ' . $digest, 'Authorization: ' . $authorizationHeader, ); curl_setopt($ch, CURLOPT_HTTPHEADER, $customHeaders); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, Json::encode($post)); $result = curl_exec($ch); Can you please tell me what i'm doing wrong? Regards

Hi, I write to you because the module, that I have installed on PS v1.6 platform, doesn't show the Order Confirmation message in the last page of the checkout. When the customer is redirected on the website (after the payment with Satispay), the module shows him an empty page, that seems broken. I've checked the module files (specially, the return.php) and these is what I've found: 1) When payment is closed successfully the redirect to order confirmation page happens, but as the module hasn't got neither the HOOK_ORDER_CONFIRMATION nor the HOOK_PAYMENT_RETURN, the page appears blank. 2) When an error payment occurs, instead, the module brings the customer to the Order History page, without any error message. This doesn't help the customer to understand the payment isn't close successfully. Perhaps, it would be more correct if the order confirmation page tells the customer both when the payment is closed successfully, and when an error occurs. Could you help me to solve this problem? Let me know.

Hi, I have a React web project and I want to add Satispay. What's the best way to import it in my website? Thanks

Hi, I'm implementing this workflow: https://developers.satispay.com/docs/mobile-app-auth After getting the tokenId we call the Sandbox App from our App passing the tokenId and the callback url. The Sandbox App asks me to authorize the automatic payments, but when I confirm the callback url it is not called by the Satispay server. The callback url is a web service like this: http://<myserver>/payment/satispayMethodCallback It answers to all GET requests without authentication. Which could be the problem? Thank you cld

Hello. In our e-commerce we are using the Web-Redirect payment flow, implemented using the old API. So we are using the "/online/v1/checkouts" call, redirecting the user to "https://staging.online.satispay.com/web-app?checkout_id={checkout_id}", who then will be redirected back to our site through the redirect_url we provide after he accepts / cancels the payment. In the old API the redirect_url would include the charge_id as a query string param, so that we can check the payment status and show an appropriate message to the user. We are now trying to move to the new API, but with the new "v1/payments" API it seems that the payment_id would not be included as a paremeter of the redirect_url(there is no mention of it in the documentation, the same holds true with the Pre-Authorization Web-Redirect which uses a similiar flow). So am i wrong or the payment_id won't be actually added to the redirect_url as happened with the old API? Thank you Stefano

Hi there, how can I simulate accepting payments from the staging app? Scenario: - Users makes a one-off payment using MATCH_CODE (scanning QR via customer app) presented via Web Button. - Vendor reviews payment and accepts - Satispay API should call the callback_url uri address Are staging payments automatically accepted and Url called every time? Is there a way I can simulate the real flow without going into production account? Thanks Stefano

Hi there, please, can you tell me why after a payment, into the Woocommerce orders list (and bviously also into the single order page), the status of a Satispay payment remain stuck on "Waiting for payment" ("In attesa di pagamento" is the locale message we get in italian)? Which could be the cause of this behaviour? Thank you.

Hi there. In the Mobile app payment flow for iOS the documentation states that the following url scheme must be opened: satispay://external/generic/charge?token={payment_id}&callback_url={url_to_open_after_payment_approved} Is there a way to specify an different URL to deep link to if the payment is canceled by the user? Either that or appending a parameter to the provided url (something like ?approved=true or ?canceled=true) would be useful to handle both scenarios differently in the caller app.

Hi, I'm trying to implement this scenario, but I think I'm missing something: in our e-commerce, customers can make orders that have to be confirmed later by the admin (or refused), so the payments have to stay in a sort of "pending" status and then updated with accept or deny. I see in your docs the "PUT - Update payment" API, but I can't understand how I can create the order with this kind of "pending" status. Eventually, is there a way to use also the PRE_AUTHORIZED flow with the same scenario as well? Thank you

Good morning, I have a question about this flow: https://files.readme.io/0ab91c3-no_title_1.png When authorization has been approved the Satispay app should make a redirect to our app. We pass the URL to redirect to into the parameter callbak_url: satispay-stag://open/preauthorized-payments/payment?id=c5ff83df-0999-4377-91f6-824e517b5d1d&callback_url=myapp://myapp.com/payments The question is, the callback_url could be an url_scheme such as: callback_url=myapp://myapp.com/payments ? So we can use Deeplinks to intercept the call. In which way the Satispay app makes the redirect? Ours is not a native app so we can't use the Satispay SDK. Thank you Claudio

Hi, I've obtained the KeyId using the dedicated API, but I've not saved it and I lost it. Now when I call the api with Activation codes for Authentication (token property in json body of post) provided during the account creation, I got only a 403 error with this body { "code": 45, "message": "Forbidden", "wlt": "wiR2WUAk" }, that means Token already paired. How can I obtained a new KeyId? I'm using a sandbox account. Kind Regards

Salve, potreste darmi una indicazione sul significato del codice di errore: {"code":46,"message":"Unsupported media type","wlt":"3PphCsbA"} Sotto riporto la richiesta di autenticazione. Grazie e cordiali saluti curl --request POST \ --url 'https://staging.authservices.satispay.com/wally-services/protocol/tests/signature' \ --header 'host: staging.authservices.satispay.com' \ --header 'date: Wen, 16 Dec 2020 18:24:05 +0000' \ --header 'digest: SHA-256=RCtf9dVtFQlDmKB2lBPSibcYiQHIcLJWsKjWG9HQvnU=' \ --header 'Authorization: Signature keyId="o6s6g9qcfkc5fmiud97himsb45g9fc1oj80nnfnod0fu1opq7525jd5d2net4gm4ppro71bjjedj18d2653p778efppg8d2rici61b53sfup1kovlbst7spaldo5dc8nkck1u7o18ta6ikahl4nvrlimhbsjjj07kg1skls8c1qsf8r26a9ue3922a786jlfav6pd6n5", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="BeuNc/XuUTQibhha5U1spm9r61CteHVJpP0JDMQdXtslm3kEWfvUnm7bnxP1GgP+xbCKUI7k7tbbifAibWvIfNogeihv/kdwmGf3TVp+Smb7SZwngRG4t+7CaEuls1uiFrZvcvzOElGpTvb3lYwVkQcfhLXIg3qinVRYU03Z4Mrpdvy62AGAcmaTL8cpue44tHsAc1aMpecl/9+ZX8KNv/sXEiBwHEraBECVL2T5p5BAKLTM2X0ZVUvUUQXOnOM0xvojiSLrglPEQJNNiIoUyfXTHCIYRmgPz/bbgPCAOObrr/9Ax9Oe/ITOGBFj8ye9UdwY83LKeJj6kb+XMMCGM45hHZLxRXkknQDmC7btRBmzSPNW1Mnw/XGoFFdMheQ2te/M2p2yb5ByXS8Ubsu7wUOn6bsRDV0bXQKCMms8Qnk3wCWYE4SkEfaTql2YxJjUKDLiKYzaIghPcRTHdpcGNuyAd46f/5LbR5NomUs5NE+1Jynhcwwzg3zAGeDJkgWXQuEKmh/VZsz8hrNddroQFiADXzwr6YvFhcx9pzuwvtIYwCHGanYkMqoeayQVFZCDU8g72Hehadud7U0cKlFSgRQJn+vknXV5SkXnhg/gb4ltKX6rNMlrcQWX5RzEqrjmz56LC7sLNCwd3xZVWVdmlYW2Z8SLq/gbSlAF72H3EdE="' \ --data '{"flow":"MATCH_CODE","amount":"89999100","currency":"EUR","external_code":"my_order_id","callback_url":"http://localhost:56993/checkout.aspx","metadata":{"order_id":"my_order_id","user":"my_user_id","payment_id":"my_payment","session_id":"my_session","key":"value"}}'

Hi, I'm trying to do an Authentication Test. public key: -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxuoblYC3ex5k1yh8Y+GK oGCWS9BpQnO7Oqbpa0OB0vujQ+mr0jST6UUFeQBsHnTHgvgVVFbroZf1YCdm2EVn HRWSeWyr3JudhK5vEhfx7Lqh9Ye9PWrawf54armxskx38wvmZMW/I/OvdYRddOes meKqucMTp1kEK9YYT92lWXEJBhurdQW8Nl5zDMGG5HsZkqNpmrmEdCohUbMV3mvz 7mh6gB5n2wn91HGalmzhI2qU4EsjBuaYtFf0Ii0FlDqFOkPFHzWgeMh265qkTClw ZMXjk/zgsiGOYRGaJXjnDjBvB9ZoocyCiYKrG0YdVDHu7SFsfKVpnEP3aZVyCe9a c/eA5XDR1RN992AziBdeThIra/5hDtC8eo3qSODARfag4X31leNipfkN8vQTvgyd 3Aa62wez5tFkQyFtIKRXPUt5xCmb7kp6w7C/pNjbl1JEf/LzoH8V3RlJoYnX9ItB jNty3gwr2MMcKFw3desM2JyHcZBhT4PFymRTpJypej2kMB238MQHBGWN8iFtUnhJ jYT1VmK/SqAxIvC5EL1rKid/Ew26WpVmK38sDASPojcvEVRTNGUlATra95tsTpMs 3KuNyOe/6LwZxlAWJsy0MQHS0UDjUTft8tWhRqvxKC7uSvQElLkv9+MibPghmwEf JKGXTQy4WW2P9kHdXCuNNpMCAwEAAQ== -----END PUBLIC KEY----- private key: -----BEGIN RSA PRIVATE KEY----- MIIJJwIBAAKCAgEAxuoblYC3ex5k1yh8Y+GKoGCWS9BpQnO7Oqbpa0OB0vujQ+mr 0jST6UUFeQBsHnTHgvgVVFbroZf1YCdm2EVnHRWSeWyr3JudhK5vEhfx7Lqh9Ye9 PWrawf54armxskx38wvmZMW/I/OvdYRddOesmeKqucMTp1kEK9YYT92lWXEJBhur dQW8Nl5zDMGG5HsZkqNpmrmEdCohUbMV3mvz7mh6gB5n2wn91HGalmzhI2qU4Esj BuaYtFf0Ii0FlDqFOkPFHzWgeMh265qkTClwZMXjk/zgsiGOYRGaJXjnDjBvB9Zo ocyCiYKrG0YdVDHu7SFsfKVpnEP3aZVyCe9ac/eA5XDR1RN992AziBdeThIra/5h DtC8eo3qSODARfag4X31leNipfkN8vQTvgyd3Aa62wez5tFkQyFtIKRXPUt5xCmb 7kp6w7C/pNjbl1JEf/LzoH8V3RlJoYnX9ItBjNty3gwr2MMcKFw3desM2JyHcZBh T4PFymRTpJypej2kMB238MQHBGWN8iFtUnhJjYT1VmK/SqAxIvC5EL1rKid/Ew26 WpVmK38sDASPojcvEVRTNGUlATra95tsTpMs3KuNyOe/6LwZxlAWJsy0MQHS0UDj UTft8tWhRqvxKC7uSvQElLkv9+MibPghmwEfJKGXTQy4WW2P9kHdXCuNNpMCAwEA AQKCAgBpvQ0IvjHK+u80CMuG9OASPQXoK1OpBYhjt1KhuHMMysORWGgEB/sQp6Yv GnBfCEj+cA42lTYQ4oyHnqpnEQ2tQkhoz8HUNczYOTnF7oCmDNgHgy6vtVuwgCtW 4Ht7gnbI9mx06UGgROvilohvmq//5aRHt1F9Ri6XdunZmsNI9nOLka3lOTVB2Zdj EoU4c8+2SbPbkf69GaA4o/BeGhjDhTqJXKBsqbUK95DrodlUUFXvnUFza6WFSLP4 buJmV212+YuR+ZniWv4MZFouOmEK0L8Xbfer+XaMVyUQAmMhAdIj4nAggmxp2NJI X0878IdH+tqGsA+iB+c/czf53AjCaKgpVXPWU7+z8XqIqhwm/+sJxn3yDzbQgDRV 6Hf8MHdI50IxXRfB0QlvRMlbx/NPSAAfys81C0riwRnoweTDHnMrXW/a3HPohtDe RML2RzOStQM+3nOk84zqbQ9vmDsZlSTjGckjsFAmXfLqVrNiep0aL2hDmmidRtLR LbF+31xFuWiAeNNPsglvI0Ew2eh9K4V26V2Z9vpe8wgKxow5ce8ukdLDb/SMrQKG Ib/LHvDzrXPqV3vqzQewwyw822DvX+sMKn/T13kO2rDgwSYGOerJMpyw4LXhBtx2 Y0g9ODTCa6TiHQ//WhjJekSiMVBrDoxLv9OjwSq9icVI9xcQgQKCAQEA6POvg7l+ 4HDxJsJ3909X+JE0EaiK/WRDqGGQhKeC9r1CoqZKv+JikBeomjzHoQZq0QD8mWnU C+/xOsPEVJXoIGuDUl8JyM+oZz1m4hvifawFI70EPtthxnl9qRkgeeFPsPCxcFCq tnKrcmsaF5v/LyNr4bkjWrCQ4r/w5ur3ENeMgDdP61cOMdVlApADxXIuPAx6v3UN ZSuW0WFFUNjOFmIQSoh1fr7Y99IG7GWBUDiub+32VQ3il2I4kAiZ5LEXSlQC1+8x KveNCHpq4nRDJFPjIkuMu7MLRXJYedIG2yFbxdvxL/2N/YjXRkTABQa9x/8fTheW Vij3E1SlH5zScwKCAQEA2phOgG89Qyh61Uuout3LBhXGZZ30Qr0FPnjCQmSmbRLy vaidZpjyaUa1PNa1ZJaFoOXi/p4Fd5tl2Cp03vogqbz7gzGaej2u6LxygcUE1meG qk9+GH/xNfbweCpbyxs9Ynv/+GYcVFLnwb2Z6D0Qhl0BjHvp43ptff2EeKkB0u+b 6qSqTSFMTKrcLuVjx7cetTgGfK2jHiez6Rcs1Czk9ueZg0UFRM0PAEf2zqrdQ1g/ Etb3WOU1PCanEWhhC8svlff59XMcp77BOZ6ARqu/e7J+CHIl4k6dVwgyHFJq6PEV VGeG/ttoIfFxse91OdTLcOpUmf5tMtZVQYfbcoVjYQKCAQBIEyWJ1vm3jZo/SMn/ XbA1Ow/mKsSeM8hvL4icUovFtbcJRfQ4vF2MgZVr60REwQyJkAmXmdO+wcVcTjfP h/YjGcCu2rLXS9Cp6KiNat0/ztpkPVYz8IKm+u3zRM/0hc63SzFLM9otyvra0uJm zaA9wHLfiv2yUJDzZzms6KP6tQZGoVZ71RqSNpkjGtXf4D0H3UCZPikf1UW7kKH2 qq3Q5RRvSxs3VOsiefwkZh+FZ5QpE3I0zK//8KbZgZ/DzzsKh0W988a9qYwcRGwP lrMzaTUMZl2rsXDaUs+nGWF/qSmQ5UUReRzWheE9X4YdyAEuAPR5n/imvdP8SiMw zb+bAoIBAF1waW4BHuDMNuVh9/gYwqYRPMNHJ5g3kDxKBk+3EmThip2Dq/SlQEm8 DdC5vsQGi4xheAx6o7+iz3/9dgOyS7ACtkg4Nd4268NUemX6P70ed7PpUu9KEWON 8PCMurwxIqYsdxhJHab14Vcxos5g++VTcEwK08mHFbKbYbrqE3uFLNK6HInnx+Ol zYTGTUabgibYkf1Ng8JqGj9yxpjTr/PSwA4avMvSE619FYT2CKq22A9HkGeRYpYZ t6R7R7Bw5CBo5ZID6KXTpmjo1dBfrfREMheOI59/F0aSnEj6+fQkyYdQ0aWzR+nq eT0kLKnRyjy0DgHdffQTJlJirm1fk0ECggEAdMgYbXxFniPFJLGhfJevj9CUWh9i hfCFuTmdzVmL+N3uFtTjpIuLObw53HYWZi8tdUwDdOmDeSfW64GZuF5iAyqbISV4 Mdt0389BDVmWbnDjFvLwlYHKbn9R71BHoMM9ETu2GHtfHf6DmJ+2EIe+GSrXeDYK CJ5VD6JreLX4OjL4vrBj+yuOeaWURLLkm0SjqK326xLQ6+h4zEMnI/JprOVKObt0 W6zpeskS77RCijweeGpt6c7aytGWrv6Nx0YNWBDChgnKjaFJS5NObS/UXu2o3cL5 Qp4dGpZxgwYPqSi1tTKyv0E4fd5DPD60Qt570/lbbPHODBx6Hmx2eunv0A== -----END RSA PRIVATE KEY----- keyId: vmkhqr4c41u9p2mv2sr0l35a6r0eb3v0uqffgd5cptcr7nm1b0pe9t8v2hobeuic8afbomhgfhgfbbv6ntv1or5q0n8cc5pe55ggtvnn9e4mkcdpkmencvmu14fvs18ov8id9e4suamrj9in9kndlln872kojqcmdtdpp8vmt2cgri4in6msejbp27rc07d54aandube digest: SHA-256=ZML76UQPYzw5yDTmhySnU1S8nmqGde/jhqOG5rpfVSI= uri: https://staging.authservices.satispay.com/wally-services/protocol/tests/signature headers: Accept => application/json Date => Tue, 05 May 2020 14:29:18 +0000 Host: staging.authservices.satispay.com Authorization: Signature keyId="vmkhqr4c41u9p2mv2sr0l35a6r0eb3v0uqffgd5cptcr7nm1b0pe9t8v2hobeuic8afbomhgfhgfbbv6ntv1or5q0n8cc5pe55ggtvnn9e4mkcdpkmencvmu14fvs18ov8id9e4suamrj9in9kndlln872kojqcmdtdpp8vmt2cgri4in6msejbp27rc07d54aandube", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="xc/allCP6F2l4pN+/k/YYGrRSqVIP/Pd02TRKFlLHBq+wcGZGv2FE1QBblvhHPvAE7BDlboljyJkuvBbZAy77sBGjEU4x3xgv91QQh/w1VKwlipwMbKKTAi8kXNc/ly4Opqz6XPTOg5kvdxGpuzj2ny4OcxwxabElWfuIULmoxFuSumA2EV3qbEg6v7ex7fCJuSOrgWjotS6DXNXhE/AqI8udaxSXsqzKlGJspOrMxTfRRtUiXLd7ZIJhTuZyPAO3/8UaO9w2SjrRayYquQs1LWYFBN2O0aqSFVhcb7AoOJYLIq9gyxbJPkyVetEptlO9TRAtga1+NNlQNyVHkfFHie0W7BDmLkrBMhroQ9h54rexx88JO/GP+DWlD6igTgHh1c7/8chlvKj/SIsiT6aOO29MWsidbk06GfzOkrZm/zvIBx934gDWW15h9EzRIa5hcc7EJdaPF2F4nEiOhUFxNpMubErBdSpV7GzIl4jGBY2ofZp8hOw4/JRoQRAiW9stwwc/v5JAFfu8LzFEnnGK0hI95oi88nvV+5G6/YTUb1sZUv0fS5rsQuw4GMaiWUyAExmtBSIE6JG1vqvbg/bFiUxpBy5ewCw29IJ26AR7IgMzV7EnXx8+5ovKXziZOL+S6t7IVadAW4dyHr6ouPWwqr4TL3JMBFlKZEesZkiz/A=" body = "{\n \"flow\": \"MATCH_CODE\",\n \"amount_unit\": 100,\n \"currency\": \"EUR\"\n}"; string "(request-target): post /wally-services/protocol/tests/signature\nhost: staging.authservices.satispay.com\ndate: Tue, 05 May 2020 14:29:18 +0000\ndigest: SHA-256=ZML76UQPYzw5yDTmhySnU1S8nmqGde/jhqOG5rpfVSI=" THE RESULT IS 403 FORBIDDEN BUT AVERYTHING SEEMS CORRECT

Buongiorno sto testando l'API con i codi di attivazione, ho seguito le istruzioni per attivare il token di sanbox tramite api https://authservices.satispay.com/g_business/v1/authentication_keys utilizzo node.js + express il post mi restituisce un errore code\":41,\"message\":\"Resource not found\",\"wlt\":\"WmeSFaT7\"}" come posso risolvere ? grazie Flavio