developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Authentication Failed when Using Postman to Capture/Authorization Reversal

View the SolutionThis topic has been marked as solved.

Hi, I am developing integration and testing it with Postman using HTTP-Signature authentication.

I am able to Authorize Payment using  developed PL/SQL function to create digest and signature. So I think logics to create those 2 string are good. In this case the request-target is '/pts/v2/payments'. Generated string then I used them in Postman in the header parameters.

When I tried to Reverse the authorization or Capture it the Authentication Failed. This is when {id} is used as the resource target. I think I may have passed the incorrect value to it. What is the correct way to create the signature string for these transactions?

Let's say my payload for capture is '{  "id": = "7516794640286053503814" }'

I generated signature string by passing:

'host: apitest.cybersource.com' || CHR(10) ||

'date: Fri, 04 Jul 2025 00:00:00 GMT' || CHR(10) ||

'resource-target: /pts/v2/payments/7516794640286053503814/captures' || CHR(10) ||

'digest: SHA-256=rh73kE3V/yd021ggwIYRjXYg6E8SUVAuKRQZr0M9VKo=' || CHR(10) ||

'v-c-merchant-id: ifs_merchant01'

Above generates signature: keyid="62366e4e-3a34-47a0-ad5a-a6b4b5641672", algorithm="HmacSHA256", headers="host date request-target digest v-c-merchant-id", signature="vlyVYVmp4AbMUuFrHJJjaUXi1c5hBKTD+ayDllxA7ic="

I have tried to use only '/pts/v2/payments', or with extra '/' at the end:  '/pts/v2/payments/7516794640286053503814/captures/' all of them failed.

Any suggestions?

 

ifs_merchant01
New Member

‎07-04-2025 06:53 PM

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

View the SolutionThis topic has been marked as solved.

After I changed the field name 'date' to 'v-c-date'  when generating signature I was able to generate signature string that match live console, headers="host v-c-date request-target digest v-c-merchant-id"

the header string to be hashed started with linefeed, Chr(10) in PLSQL or "/n" in C#. This is nowhere to be seen in documentation except when I looked in the C# source code.

After changing the field name 'date' to 'v-c-date' the HTTP Signature authentication went through and got response. My problem is solved.

View solution in original post

ifs_merchant01
New Member

‎07-05-2025 03:12 PM

0 Kudos
1 REPLY 1

View the SolutionThis topic has been marked as solved.

After I changed the field name 'date' to 'v-c-date'  when generating signature I was able to generate signature string that match live console, headers="host v-c-date request-target digest v-c-merchant-id"

the header string to be hashed started with linefeed, Chr(10) in PLSQL or "/n" in C#. This is nowhere to be seen in documentation except when I looked in the C# source code.

After changing the field name 'date' to 'v-c-date' the HTTP Signature authentication went through and got response. My problem is solved.

ifs_merchant01
New Member

‎07-05-2025 03:12 PM

0 Kudos
Copyright © 2025 Khoros, LLC