https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/91885#M2311 <P>Hi, I am developing integration and testing it with Postman using HTTP-Signature authentication.</P><P>I am able to Authorize Payment using&nbsp; developed PL/SQL function to create digest and signature. So I think logics to create those 2 string are good. In this case the request-target is '/pts/v2/payments'. Generated string then I used them in Postman in the header parameters.</P><P>When I tried to Reverse the authorization or Capture it the Authentication Failed. This is when {id} is used as the resource target. I think I may have passed the incorrect value to it. What is the correct way to create the signature string for these transactions?</P><P>Let's say my payload for capture is '{&nbsp; "id": = "7516794640286053503814" }'</P><P>I generated signature string by passing:</P><P>'host: apitest.cybersource.com' || CHR(10) ||</P><P>'date: Fri, 04 Jul 2025 00:00:00 GMT' || CHR(10) ||</P><P>'resource-target: /pts/v2/payments/7516794640286053503814/captures' || CHR(10) ||</P><P>'digest: SHA-256=rh73kE3V/yd021ggwIYRjXYg6E8SUVAuKRQZr0M9VKo=' || CHR(10) ||</P><P>'v-c-merchant-id: ifs_merchant01'</P><P>Above generates signature: keyid="62366e4e-3a34-47a0-ad5a-a6b4b5641672", algorithm="HmacSHA256", headers="host date request-target digest v-c-merchant-id", signature="vlyVYVmp4AbMUuFrHJJjaUXi1c5hBKTD+ayDllxA7ic="</P><P>I have tried to use only '/pts/v2/payments', or with extra '/' at the end:&nbsp; '/pts/v2/payments/7516794640286053503814/captures/' all of them failed.</P><P>Any suggestions?</P><P>&nbsp;</P> Sat, 05 Jul 2025 01:53:38 GMT ifs_merchant01 2025-07-05T01:53:38Z https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/91885#M2311 <P>Hi, I am developing integration and testing it with Postman using HTTP-Signature authentication.</P><P>I am able to Authorize Payment using&nbsp; developed PL/SQL function to create digest and signature. So I think logics to create those 2 string are good. In this case the request-target is '/pts/v2/payments'. Generated string then I used them in Postman in the header parameters.</P><P>When I tried to Reverse the authorization or Capture it the Authentication Failed. This is when {id} is used as the resource target. I think I may have passed the incorrect value to it. What is the correct way to create the signature string for these transactions?</P><P>Let's say my payload for capture is '{&nbsp; "id": = "7516794640286053503814" }'</P><P>I generated signature string by passing:</P><P>'host: apitest.cybersource.com' || CHR(10) ||</P><P>'date: Fri, 04 Jul 2025 00:00:00 GMT' || CHR(10) ||</P><P>'resource-target: /pts/v2/payments/7516794640286053503814/captures' || CHR(10) ||</P><P>'digest: SHA-256=rh73kE3V/yd021ggwIYRjXYg6E8SUVAuKRQZr0M9VKo=' || CHR(10) ||</P><P>'v-c-merchant-id: ifs_merchant01'</P><P>Above generates signature: keyid="62366e4e-3a34-47a0-ad5a-a6b4b5641672", algorithm="HmacSHA256", headers="host date request-target digest v-c-merchant-id", signature="vlyVYVmp4AbMUuFrHJJjaUXi1c5hBKTD+ayDllxA7ic="</P><P>I have tried to use only '/pts/v2/payments', or with extra '/' at the end:&nbsp; '/pts/v2/payments/7516794640286053503814/captures/' all of them failed.</P><P>Any suggestions?</P><P>&nbsp;</P> Sat, 05 Jul 2025 01:53:38 GMT https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/91885#M2311 ifs_merchant01 2025-07-05T01:53:38Z https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/91888#M2312 <P>After I changed the field name 'date' to 'v-c-date'&nbsp; when generating signature I was able to generate signature string that match live console, headers="host v-c-date request-target digest v-c-merchant-id"</P><P>the header string to be hashed started with linefeed, Chr(10) in PLSQL or "/n" in C#. This is nowhere to be seen in documentation except when I looked in the C# source code.</P><P>After changing the field name 'date' to 'v-c-date' the HTTP Signature authentication went through and got response. My problem is solved.</P> Sat, 05 Jul 2025 22:12:47 GMT https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/91888#M2312 ifs_merchant01 2025-07-05T22:12:47Z https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/92217#M2432 <P>&nbsp;Authentication Failed&nbsp; &nbsp;in Postman usually means incorrect API keys&nbsp; tokens&nbsp; or credentials&nbsp; Double-check headers, authorization type, and endpoint.</P> Wed, 23 Jul 2025 08:34:45 GMT https://community.developer.cybersource.com/t5/cybersource-APIs/Authentication-Failed-when-Using-Postman-to-Capture/m-p/92217#M2432 joywalim 2025-07-23T08:34:45Z