Wrong order of headers in example

paytrail / api-documentation

Paytrail Payment API documentation

MIT License

6 stars 11 forks source link

Wrong order of headers in example #29

Closed niklaswulff closed 2 years ago

niklaswulff commented 2 years ago

Headers are supposed to be in alphabetical order, but "checkout-nonce" is after "checkout-transaction"

https://docs.paytrail.com/#/examples?id=get

Jiia commented 2 years ago

The example is fine since it highlights that the order of the headers can be arbitrary in HTTP requests. The alphabetical ordering refers to HMAC signature calculation not HTTP requests. Before signature calculation the ordering must always be done manually without relying on the headers being in a specific order when received.

jfrojd-paytrail commented 2 years ago

Exacly as @Jiia said, alphabetical order matters in the HMAC calculation and the implementation should always take this into account and not expect to receive then in a specific order.