Content Digest

The content digest signature that is used to validate the HTTP message content. A hashing algorithm is used to create a digest of the message body. With the algorithm you can then rehash the message body and validate it against the pre-computed content-digest.

The content digest should only be computed for requests where message body is present

Generate Content Digest

Although sha-256 generated digests are considered secure, we recommend using sha-512.

Compute Content Digest

  import crypto from "crypto";

  // Define the algorithm
  let algorithm = "sha512";

  // Define the message
  let message = JSON.stringify({
    firstName: "John",
    ...
  });

  // Create the digest in base64 encoding
  const digestBase64 = crypto.createHash(algorithm).update(message).digest("base64");

  // Create content digest string
  const contentDigest = `sha-512=:${digestBase64}:`;

  import crypto from "crypto";

  // Define the algorithm
  let algorithm = "sha512";

  // Define the message
  let message = JSON.stringify({
    firstName: "John",
    ...
  });

  // Create the digest in base64 encoding
  const digestBase64 = crypto.createHash(algorithm).update(message).digest("base64");

  // Create content digest string
  const contentDigest = `sha-512=:${digestBase64}:`;

  import hashlib
  import json

  # Define the message
  message = json.dumps({
    "firstName": "John",
    ...
  })

  # Create the sha512 Digest
  digest_sha = hashlib.sha512()

  # Update the message
  digest_sha.update(message)

  # Base64 encode digest
  digest_base64 = base64.b64encode(digest_sha)

  # Create content digest string
  content_digest = f'sha-512:{digest_base64}:'

Make Signed Request

In the below example request:

sha-512: The algorithm used to hash the content message
RK/0...abDg=: Base64 representation resulting from the hashed content message

  curl --request POST \
    --url https://api.pipevest.com/v1/customers?sort=ASC \
    --header 'Content-Type: application/json' \
    --header 'Content-Digest: sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:' \
    --header 'Content-Length: 18' \
    --header 'Authorization: Bearer 123456' \
    --header 'X-Client-Id: 123456' \
    --header 'X-Idempotency-Key: 123456' \
    ...
    --data '{"firstName": "John", "lastName": "Doe"}'

Verify Content Digest

Re-compute Content Digest

See Step 1 in Generate Content Digest

We will call this computed-content-digest.

Compare Digests

Compare computed-content-digest to the one that was passed along in the original http header (i.e. - header-content-digest).

computed-content-digest === header-content-digest

In the example below, the header-content-digest equals RK/08...FabDg=

  curl --request POST \
    --url https://api.pipevest.com/v1/customers \
    --header 'Content-Digest: sha-512=:RK/08...FabDg=:' \
    ....

Verify or Reject

Reject the message, if computed-content-digest does not equal header-content-digest.

Welcome

Concepts

Generate Content Digest

Verify Content Digest

Welcome

Concepts

​Generate Content Digest

​Verify Content Digest

Generate Content Digest

Verify Content Digest