SignString

The SignString is generated by Method, Uri, Headers, Body from a HTTP(s) request.


KeyDescriptionExample
methodHTTP methodPUT GET POST
content_md5Computed MD5 hash of the request body in uppercase hex format.

If the request body is empty, set content_md5 to an empty string.
875264590688CA6171F6228AF5BBB3D2
content_typeContent type string.

If the request body is empty, set content_type to an empty string.
application/json
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
canonicalized_headersSee below for the specification.

If no customized header is provided, set canonicalized_headers to an empty string
as-api-key:c25b1e6fee2348b3a8bd21599b6ac2de
canonicalized_resourceResource Uri, See below for the specification./commerce/v1/products

To generate the canonicalized_headers:

  1. Extract all request headers with the as- prefix key. Kindly note that the headers with the as- prefix are not limited to as-api-key or as-signature-*, but also include other as- prefixed key such as as-store-id.

  2. Convert all the request header key to lowercase (except the header values case), and sort the headers in ASCII code order.

  3. Remove leading spaces and trailing spaces from the header key and value.

  4. Concatenate each of the header key and value with :, to form a header pair

    preparing...
  5. Concatenate all header pairs with the new line character (ASCII code 10).

Original Headercanonicalized_headers
AS-header2: ThisIsHeader2\nAS-Header1: this-is-header-1as-header1:this-is-header-1\nas-header2:ThisIsHeader2

canonicalized_resource is the path of the URL, including the query parameters.

Example
https://api.aftership.com/protection/v1/some-resources

canonicalized_resource
/admin/2022-01/some-resources

If there is any parameter, it should be appended to the path.

The parameters should be sorted by the ASCII code of the key in ascending order, and parameters with duplicate names should be sorted by the value.

Example
https://api.aftership.com/protection/v1/some-resources?key2=value2&key1=value1

canonicalized_resource
/admin/2022-01/some-resources?key1=value1&key2=value2

The SignString is constructed by concatenating all the required keys with the new line character (ASCII code 10).

preparing...

Make sure the string encoding is in UTF-8.