The content digest is used to validate the HTTP message content. A hashing algorithm creates a digest of the message body. The receiver can then rehash the message body with the same algorithm and validate the result against the pre-computed content digest.

The content digest should only be computed for requests where a message body is present.

Generate Content Digest

Although sha-256 generated digests are considered secure, we recommend using sha-512.

1. Compute Content Digest

  import crypto from "crypto";

  // Define the algorithm (Node.js hash name for sha-512)
  const algorithm = "sha512";

  // Define the message: the exact string that will be sent as the request body
  const message = JSON.stringify({
    firstName: "John",
    // ... remaining fields
  });

  // Hash the message body and encode the digest in base64
  const digestBase64 = crypto.createHash(algorithm).update(message).digest("base64");

  // Create the content digest string: algorithm label, then the base64 digest between colons
  const contentDigest = `sha-512=:${digestBase64}:`;

2. Make Signed Request

In the example request below:

  • sha-512: The algorithm used to hash the message content
  • RK/0...abDg=: Base64 representation of the hashed message content

  curl --request POST \
    --url 'https://api.pipevest.com/v1/customers?sort=ASC' \
    --header 'Content-Type: application/json' \
    --header 'Content-Digest: sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:' \
    --header 'Content-Length: 40' \
    --header 'Authorization: Bearer 123456' \
    --header 'X-Client-Id: 123456' \
    --header 'X-Idempotency-Key: 123456' \
    ...
    --data '{"firstName": "John", "lastName": "Doe"}'

Verify Content Digest

1. Re-compute Content Digest

See Step 1 in Generate Content Digest.

We will call this computed-content-digest.

2. Compare Digests

Compare computed-content-digest to the one that was passed along in the original HTTP header (i.e., header-content-digest).

  computed-content-digest === header-content-digest

In the example below, the header-content-digest equals RK/08...FabDg=

  curl --request POST \
    --url https://api.pipevest.com/v1/customers \
    --header 'Content-Digest: sha-512=:RK/08...FabDg=:' \
    ....

3. Verify or Reject

Reject the message if computed-content-digest does not equal header-content-digest.
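
The verification steps above as a Node.js sketch, added here as an example and not Pipevest's own code: the function names, the two-entry algorithm allow-list and the single-entry header form are assumptions. It uses CommonJS `require` and goes one step beyond the page by showing that the digest must be taken over the raw body bytes, not over re-serialized JSON.

```javascript
// Added example: verify a Content-Digest header against the raw request body.
const nodeCrypto = require("node:crypto");

// Header label -> Node.js hash name; only the two algorithms the page mentions.
const ALGORITHMS = new Map([["sha-256", "sha256"], ["sha-512", "sha512"]]);

// Build the header value from the exact bytes that will be sent.
function computeContentDigest(rawBody, label = "sha-512") {
  const digest = nodeCrypto.createHash(ALGORITHMS.get(label)).update(rawBody).digest("base64");
  return `${label}=:${digest}:`;
}

// rawBody must be the bytes as received, before any JSON parsing.
function verifyContentDigest(headerValue, rawBody) {
  if (typeof headerValue !== "string") return { ok: false, reason: "missing header" };
  const match = /^\s*([a-z0-9-]+)=:([A-Za-z0-9+\/]+={0,2}):\s*$/.exec(headerValue);
  if (!match) return { ok: false, reason: "malformed header" };
  const hashName = ALGORITHMS.get(match[1]);
  if (!hashName) return { ok: false, reason: "unsupported algorithm" };
  const computed = nodeCrypto.createHash(hashName).update(rawBody).digest();
  const received = Buffer.from(match[2], "base64");
  return computed.equals(received)
    ? { ok: true, reason: "match" }
    : { ok: false, reason: "digest mismatch" };
}

// Constructed sample: the body from the page's curl example, byte for byte.
const sentBody = Buffer.from('{"firstName": "John", "lastName": "Doe"}', "utf8");
const header = computeContentDigest(sentBody);

function demo() {
  // Parsing and re-serializing drops the spaces, so the bytes and digest change.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(sentBody.toString("utf8"))));
  const tampered = Buffer.from('{"firstName": "Jane", "lastName": "Doe"}', "utf8");
  return {
    raw: verifyContentDigest(header, sentBody),
    reserialized: verifyContentDigest(header, reserialized),
    tampered: verifyContentDigest(header, tampered),
    // Constructed header using an algorithm outside the allow-list.
    weakAlgorithm: verifyContentDigest("md5=:1B2M2Y8AsgTpgAmY7PhCfg==:", Buffer.alloc(0)),
  };
}

console.log(demo());
```

In a server, capture the body as a Buffer before any JSON middleware parses it, and pass that Buffer to the verifier.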