The header must be composed concatenating:

  1. The previously obtained keyId
  2. The RSA algorithm used to sign the string (rsa-sha256)
  3. The list of signed headers used when creating the String
  4. The previously created signature

Example:
Authorization: Signature keyId="vefn...", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="C5yy..."

POST /wally-services/protocol/tests/signature HTTP/1.1
Host: staging.authservices.satispay.com
Date: Mon, 18 Mar 2019 15:10:24 +0000
Content-Type: application/json
Content-Length: 123
Digest: SHA-256=ZML76UQPYzw5yDTmhySnU1S8nmqGde/jhqOG5rpfVSI=
{
  "flow": "MATCH_CODE",
  "amount_unit": 100,
  "currency": "EUR"
}
Authorization: Signature keyId="4ekqhmf77q95deciis2frre12el393rteletbrg4rffqri3n58lsjsvf6uph934o7vr69r93iu4ifc3tkeidlg5fhoogo3grmh99lr2g94a6aerbf56m48og47e6vnbfu13rf1vvj3l4b3mn3qd2ttoc4a8hh2jgb589s59d56tdmp7dkuobesvfmnnpf8cmg7646do5", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="C5yynRxJQG2VNdsH8yuGwgribKt1yzym8lYvTAwxFmjEf7akYgLeIGOkdZo5vE/oB7O7+kNgqHxPp9OKrs0XxGTBNNAOBPd0ELsptjuscWtF5dq/S4e8RjQvUcStJ6YOpwV/KyHwE1ovA1otrLpbxuUfqmNES65lRtYq6uuGinCJ+4mYnwrg9c6vuIJ/1b8VKi27PNpcJl4mwPg3hJ071T7Z2iolQRxDPN1ujQdKtUgudOIVLXiqQCPQKEaQQRvXkmh9fBH71fOsTPjvOP3q0XJp7tDPQF1K6MbF0RA6RehbuJ5nyBAOMWrk9r/+XrgC5zN3QmOtvrwmH2ko3du64A=="

Code sample 4/4

KEY_ID="Your Key ID"
# In this example private key is stored in "private.pem" file

BODY="{\n  \"flow\": \"MATCH_CODE\",\n  \"amount_unit\": 100,\n  \"currency\": \"EUR\"\n}"

DIGEST=$(echo -e "$BODY\c" | openssl dgst -sha256 -binary | base64)

STRING="(request-target): post /wally-services/protocol/tests/signature\nhost: staging.authservices.satispay.com\ndate: Mon, 18 Mar 2019 15:10:24 +0000\ndigest: SHA-256=$DIGEST"

SIGNATURE=$(echo -e "$STRING\c" | openssl dgst -sign private.pem -sha256 -binary | base64)

AUTHORIZATION_HEADER="Authorization: Signature keyId=\"$KEY_ID\", algorithm=\"rsa-sha256\", headers=\"(request-target) host date digest\", signature=\"$SIGNATURE\""
$keyId = "Your Key ID";
$privateKey = "Your RSA Private Key";

$body = "{
  \"flow\": \"MATCH_CODE\",
  \"amount_unit\": 100,
  \"currency\": \"EUR\"
}";

$digest = base64_encode(hash("sha256", $body, true));

$string = "(request-target): post /wally-services/protocol/tests/signature
host: staging.authservices.satispay.com
date: Mon, 18 Mar 2019 15:10:24 +0000
digest: SHA-256=$digest";

openssl_sign($string, $signatureRaw, $privateKey, OPENSSL_ALGO_SHA256);
$signature = base64_encode($signatureRaw);

$authorizationHeader = "Signature keyId=\"$keyId\", algorithm=\"rsa-sha256\", headers=\"(request-target) host date digest\", signature=\"$signature\"";
const crypto = require('crypto')

const keyId = 'Your Key ID'
const privateKey = 'Your RSA Private Key'

const body = `{
  "flow": "MATCH_CODE",
  "amount_unit": 100,
  "currency": "EUR"
}`

const digest = crypto.createHash('sha256').update(body).digest('base64')

const string = `(request-target): post /wally-services/protocol/tests/signature
host: staging.authservices.satispay.com
date: Mon, 18 Mar 2019 15:10:24 +0000
digest: SHA-256=${digest}`

const signature = crypto.createSign('RSA-SHA256').update(string).sign(privateKey, 'base64')

const authorizationHeader = `Signature keyId="${keyId}", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="${signature}"`