To maintain request integrity, Cashfazz are implementing signature checking, these signature are placed on the request header as "X-SIGNATURE", there are 2 signature hashing types used by Cashfazz:
- Asymmetric Signature without Get Token
SHA256withRSA (clientSecret, stringToSign)
- clientSecret = partner client secret in PIAS
- stringToSign = HTTPMethod +”:“+ EndpointUrl +":“+ Lowercase(HexEncode(SHA-256(minify(RequestBody)))) + ":“ + TimeStamp
- Symmetric Signature with Get Token
HMAC_SHA512 (clientSecret, stringToSign)
- clientSecret = partner client secret in PIAS
- stringToSign = HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":“ + TimeStamp