The open payments api's require signatures to be presented to the resource server when they are called with the GNAP authorization header. Supporting this functionality is required to have a secure functioning interaction between the Client and the RS
Intended Outcomes
All authenticated requests on the open payments api's should check that a signature is present and that is correctly signed by the client's key.
Further, any interactions that occur where Rafiki calls out to any open payments api's needs to actually generate the signature correctly and supply it in the headers along with the GNAP auth token.
Summary
The open payments api's require signatures to be presented to the resource server when they are called with the GNAP authorization header. Supporting this functionality is required to have a secure functioning interaction between the Client and the RS
Intended Outcomes
All authenticated requests on the open payments api's should check that a signature is present and that is correctly signed by the client's key.
Further, any interactions that occur where Rafiki calls out to any open payments api's needs to actually generate the signature correctly and supply it in the headers along with the GNAP auth token.
Links
Depends on