Updated on 2022-06-22 GMT+08:00

HTTP Body Signature

A body signature must be contained in the response of each interface. It consists of sign_type and signature.

Parameter

Value

Description

sign_type

HMAC-SHA256

Current value: HMAC-SHA-256

signature

base64_encode(HMAC_SHA256(key, httpBody))

base64_encode(HMAC_SHA256(key, httpBody))

  • key: Key value
  • httpBody: The entire HTTP body, including the starting and ending spaces and tab characters

Example of an HTTP response header:

Body-Sign: sign_type="HMAC-SHA256", signature= "abcd4567ed03sdfsdfsdfasdfasdgsdfhfgjgkghjllhjkl"

The format of the header must follow the example. Quotation marks must be added to the values of the sign_type and signature parameters.

For a code example, see ISV Server Signing a Response Message Body.