Closed niklaswulff closed 2 years ago
The example is fine since it highlights that the order of the headers can be arbitrary in HTTP requests. The alphabetical ordering refers to HMAC signature calculation not HTTP requests. Before signature calculation the ordering must always be done manually without relying on the headers being in a specific order when received.
Exacly as @Jiia said, alphabetical order matters in the HMAC calculation and the implementation should always take this into account and not expect to receive then in a specific order.
Headers are supposed to be in alphabetical order, but "checkout-nonce" is after "checkout-transaction"
https://docs.paytrail.com/#/examples?id=get