On This Page
REST API
Generating the Signature Hash
The signature hash is a Base64-encoded HMAC SHA-256 hash of the header fields and their values.
The following information must be included in the signature hash:
- Date: From the header, the date and time in the RFC1123 format.For example:Date: Thu, 18 Jul 2023, 22:18:03.
- Digest: The Base64-encoded SHA-256 hash of the message body. See Generating a Hash of the Message Body.For example:Digest: SHA-256=gXWufV4Zc7VkN9Wkv9jh/JuAVclqDusx3vkyo3uJFWU=.Do not include the digest with GET requests.
- Host: From the header, the endpoint host.For example:.nabgateway-api-test.nab.com.au
- v-c-merchant-id: From the header, the merchant ID associated with the request.For example:v-c-merchant-id: mymerchantid.
- request-target: The HTTP method and endpoint resource path.For example:request-target: post /pts/v2/payments/.
Follow these steps to generate the signature hash value:
- Generate a byte array of the secret key generated previously. See Creating a Shared Secret Key Pair.
- Generate the HMAC SHA-256 key object using the byte array of the secret key.
- Concatenate a string of the required information listed above.For more information, seeCreating the Validation Stringbelow.
- Generate a byte array of the validation string.
- Use the HMAC SHA-256 key object to create the HMAC SHA-256 hash of the validation string byte array.
- Base64 encode the HMAC SHA-256 hash.
Example: Signature Hash
signature=”OuKeDxj+Mg2Bh9cBnZ/25IXJs5n+qj93FvPKYpnqtTE=”
Creating the Validation String
To create the validation string, concatenate the required information in the same order as listed in the signature header field parameter. Each
item must be on a separate line, and each line should be terminated with a new line character
\n
.Validation String Example
host:nabgateway-api-test.nab.com.au\n date: Thu, 18 Jul 2019 00:18:03 GMT\n request-target: post /pts/v2/payments/\n digest: SHA-256=gXWufV4Zc7VkN9Wkv9jh/JuAVclqDusx3vkyo3uJFWU=\n v-c-merchant-id: mymerchantid
Sample Code: Generating a Signature Hash in C#
private static string GenerateSignatureFromParams(string signatureParams, string secretKey) { var sigBytes = Encoding.UTF8.GetBytes(signatureParams); var decodedSecret = Convert.FromBase64String(secretKey); var hmacSha256 = new HMACSHA256(decodedSecret); var messageHash = hmacSha256.ComputeHash(sigBytes); return Convert.ToBase64String(messageHash); }
Sample Code: Generating a Signature Hash in Java
public static String GenerateSignatureFromParams(String keyString, String signatureParams) throws InvalidKeyException, NoSuchAlgorithmException { byte[] decodedKey = Base64.getDecoder().decode(keyString); SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "HmacSHA256"); Mac hmacSha256 = Mac.getInstance("HmacSHA256"); hmacSha256.init(originalKey); hmacSha256.update(signatureParams.getBytes()); byte[] HmachSha256DigestBytes = hmacSha256.doFinal(); return Base64.getEncoder().encodeToString(HmachSha256DigestBytes);}