Signing requests provide a second layer of security on top of the authorisation bearer token and guarantee that the payload has not been tampered with.
We strongly suggest testing our Payment V3 APIs in Insomnia and then on custom code: this allows setting the environment correctly and easily.
Insomnia
To sign a request in Insomnia you just need to add our Plugin the Preferences. It handles the Tl-Signature allowing you to check if all the credentials and variables are set correctly.
If it doesn’t work, try to reinstall the plugin as it can be not updated and it would not generate the signature correctly. Insert the name of the plugin and install it again.
Code
- Client libraries
We would strongly suggest using our Client libraries as they handle the signing for you and allow to speed up the integration. By now, the languages available are:
- PHP
- .NET
- Java
- Signing libraries
You can also use our signing libraries on GitHub. As they require more integration, can be subject to more errors.
A first possible issue could be that the KID is wrong and/or not linked to the private certificate being used. You would need to double-check the KID linked to your public-private key
Test the signature using our /test-signature endpoint (Test your signing logic).
If you receive a 204 Response means you have correctly implemented request signing but, as this does not perform any kind of validation on the body schema, the issue could be there.
The most common issue is that the payload being sent is not identical to the payload that was signed.
Please double-check if the payload is the same and if it is passed as JSON.