Signature
Preface
This section contains information about how to use this document.
Conventions Used in This Document
This document uses the notational conventions for BASE64URL(OCTETS), UTF8(STRING), ASCII(STRING), and || defined in RFC 75151.
The following conventions are used in this document to identify the specified types of information.
Elements of the API, such as resources
Boldface
/authorization
Variables
Italics within curly brackets
{ID}
Glossary terms
Italics on first occurrence; defined in Glossary
The purpose of the API is to enable interoperable financial transactions between a Payer (a payer of electronic funds in a payment transaction) located in one FSP (an entity that provides a digital financial service to an end user) and a Payee (a recipient of electronic funds in a payment transaction) located in another FSP.
Library documents
Italics
User information should, in general, not be used by API deployments; the security measures detailed in API Signature and API Encryption should be used instead.
Document Version Information
1.1
2020-05-19
1.0
2018-03-13
Initial version
Introduction
This document details the security methods to be implemented for Open API for FSP Interoperability (hereafter cited as the API) to ensure integrity and non-repudiation between the API client and the API server.
In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. For the API, data integrity means that an API message cannot be modified in an unauthorized or undetected manner by parties involved in the API communication.
In legal terms, non-repudiation means that a person intends to fulfill their obligations to a contract. It also means that one party in a transaction cannot deny having received the transaction, nor can the other party deny having sent the transaction. For the API, non-repudiation means that an API client cannot deny having sent an API message to a counterparty. JSON Web Signature (JWS), as defined in RFC 75152, must be applied to the API to provide message integrity and non-repudiation for either component fields of an API payload or the full API payload. Whenever an API client sends an API message to a counterparty, the API client should sign the message using its private key. After the counterparty receives the API message, the counterparty must validate the signature with the API client’s public key. Only the HTTP request message of an API message need to be signed, any HTTP response message of the APIs SHALL NOT be signed.
Note: The corresponding public key should either be shared in advance with the counterparty or retrieved by the counterparty (for example, the local scheme Certificate Authority).
Because intermediary fees are not supported in the current version of the API, intermediaries involved in API message-transit may not modify the API message payload. Thus, the signature at full payload level is used to protect the integrity of the full payload of an API message from end-to-end. Regardless of how many intermediaries there are in transit, the original payload cannot be modified by the intermediaries. The final recipient of the API message must validate the signature generated by the original API client based on the message payload received.
Note: Whether the signature needs to be validated by the intermediaries in transit is determined by the internal implementation of each intermediary or the local schema.
Note: In a future version of the API, intermediary fees may be supported; at that time, signature-at-field-level may also be supported. However, both features are out-of-scope for the current version of the API.
Open API for FSP Interoperability Specification
The Open API for FSP Interoperability Specification includes the following documents.
Logical Documents
Asynchronous REST Binding Documents
Data Integrity, Confidentiality, and Non-Repudiation
General Documents
API Signature Definition
This section introduces the technology used by the API signature, including the data exchange format for the signature of an API message and the mechanism used to generate and verify a signature.
Signature Data Model
The API uses a customized HTTP header parameter FSPIOP-Signature to represent the signature that is produced by the initiating API client for the API message. The data model for this parameter is described in Table 1.
Note: Currently the API does not support intermediaries in an API message; only the message-initiator can sign a message. If this is required in the future, there will be new customized HTTP header parameter, but this is out-of-scope for the current version of the API.
Table 1
protectedHeader
1
String(1..32768)
This element indicates the HTTP header parameters that are protected by the signature. Its value must be BASE64URL(UTF8(JWS Protected Header)). According to JWS specification, the alg header parameter must be present to identify the cryptographic algorithm used to secure the JWS. A customized parameter FSPIOP-URI that represents the URI path and query parameters of HTTP request message of the APIs must be present. A customized parameter FSPIOP-HTTP-Method that holds the HTTP method used in the HTTP message must be present. A customized parameter FSPIOP-Source that represents the system which sent the API request must be present. The customized HTTP header parameter FSPIOP-Destination is mandatory in protectedHeader if the destination FSP is known by the message-initiator. Otherwise this header must not be protected as it can be changed by intermediate systems. See API Definition for more information regarding which services that the header FSPIOP-Destination is optional for.
signature
1
String(1..512)
This element indicates the signature. Its value is part of JWS serialization; that is, BASE64URL(JWS Signature).
Table 1 – Data model of HTTP header field FSPIOP-Signature
Generating a Signature
To create the signature for an API message, the following steps are performed. The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.
Create the content to be used as the JWS Payload. Because the signature is currently at full payload level, the full HTTP body of the API message is the JWS Payload.
Compute the encoded payload value BASE64URL(JWS Payload).
Create the JSON object or objects containing the desired JWS Protected Header.
A. The alg JWS Protected Header parameter must be present. In the API, the available algorithms for the signature are RS256, RS384, RS512. A key of size 2048 bits or larger must be used with these algorithms.
B. Other parameters registered in the IANA JSON Web Signature and Encryption Header Parameters3 are optional.
C. The customized parameter FSPIOP-URI must be included in JWS Protected Header to protect the URI path and query parameters of the APIs.
D. The customized parameter FSPIOP-HTTP-Method must be included in JWS Protected Header to protect the HTTP request operation method.
E. The parameter FSPIOP-Source must be present, and its value comes from the corresponding HTTP header parameter FSPIOP-Source.
F. The parameter FSPIOP-Destination must be present if the destination FSP is known by the message-initiator, and its value must then be the same as the HTTP header parameter FSPIOP-Destination.
G. Other HTTP Header parameters of the APIs are recommended to be included in JWS Protected Header, but they are optional in this JWS Protected Header.
Compute the encoded header value BASE64URL(UTF8(JWS Protected Header)).
Compute the JWS Signature according to the JWS specification using the output of Step 2 and Step 4.
Compute the encoded signature value BASE64URL(JWS Signature).
Compute the value for the HTTP header parameter FSPIOP-Signature as described in the Signature Data Model section. The value for this FSPIOP-Signature is a JSON Object Serialization string.
Note: If JSON Web Encryption (JWE) is used to encrypt some fields of the payload (for more information, see Encryption), then the API client should first encrypt the desired fields, then replace the plain text of those fields with the encoded cipher text in the payload, and then finally sign the payload.
Validating Signature
When validating the signature of an API request, the following steps are performed. The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps. If any of the listed steps fails, then the signature cannot be validated.
Parse the HTTP header parameter FSPIOP-Signature to get the components protectedHeader and signature.
Use BASE64URL to decode the encoded representation of the JWS Protected Header. Verify that the resulting octet sequence is a UTF-8-encoded representation of a completely valid JSON object conforming to JSON Data Interchange Format, defined in RFC 71594.
Verify the parameters in the JWS Protected Header.
a) The parameter alg must be present and its value must be one of RS256, RS384, RS512.
b) Other parameters registered in the IANA JSON Web Signature and Encryption Header Parameters are optional.
c) The parameter FSPIOP-URI must be present and Its value must be the same as the input URL value of the request.
d) The parameter FSPIOP-HTTP-Method must be present and its value must be same as the operation method of the request.
e) The parameter FSPIOP-Source must be present, and its value must be the same as the corresponding HTTP header parameter FSPIOP-Source.
f) If the parameter FSPIOP-Destination is present in the JWS Protected Header, then its value must be same as the corresponding HTTP header parameter FSPIOP-Destination.
g) If there are other HTTP header parameters present in JWS Protected Header, then their values must be validated with the corresponding HTTP header values.
Compute the encoded payload value BASE64URL(JWS Payload). Because the current signature is at full payload level, the full HTTP body of the API message is the JWS Payload.
Validate the JWS Signature against the JWS Signing Input ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload)) in the manner defined for the algorithm being used, which must be accurately represented by the value of the alg (algorithm) Header Parameter.
Record whether the validation succeeded.
API Signature Examples
This section uses a typical quote process to explain how the API signature is implemented using JWS. The FSPs in the API can verify that their internal implementation for API signature is correct using the following case.
The case in this section uses RS256 as the signature algorithm. The RSA key used for the signature example is represented in JSON Web Key (JWK), defined in RFC 75175, format below (with line breaks and indentation within values for display purposes only):
Generating a Sample Signature
The following message text is an example of POST /quotes
without a signature sent by Payer FSP to a counterparty (line breaks and indentation within values for display purposes only).
Computing Signature Input
According to JWS specification, the signature input is BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload).
Assuming the HTTP header parameters Date and FSPIOP-Destination are protected by the signature, and the algorithm RS256 is used to sign the message, the JWS Protected Header in this case is as follows (line breaks and indentation within values for display purposes only):
Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value:
In this case, JWS Payload is the HTTP Body described in Generating A Signature section. Encoding this JWS Payload as BASE64URL(JWS Payload) gives this value:
Producing Signature
Use the given RSA Private Key, the JWS Protected Header and the JWS Payload to generate the signature, then encoding the signature as BASE64URL(JWS Signature) produces this value:
Re-produce API Request with Signature
As described in the Signature Data Model section, the API signature is represented by a customized HTTP header parameter FSPIOP-Signature; thus the API request with the signature in this case is the following message text (line breaks and indentation within values for display purposes only).
Validating the Signature
After the Payee FSP receives the POST /quotes
API message from Payer FSP, the Payee FSP must validate the signature signed by the Payer FSP.
Parse FSPIOP-Signature
Parse the HTTP header parameter FSPIOP-Signature to get the components protectedHeader and signature. In this case, the value of protectedHeader is:
Use BASE64URL to decode the encoded representation of the JWS Protected Header. Verify that the resulting octet sequence is a UTF-8-encoded representation of a completely valid JSON object conforming to JSON Data Interchange Format, defined in RFC7159. In this case, the decoded JSON object is:
Verify that the alg parameter is valid for the API. That means it must be in the list of RS256, RS384, RS512. In this case, the value of alg is RS256, which is valid.
Verify that the value of the parameter FSPIOP-URI is same as the input URL of this API message.
Verify that the value of the parameter FSPIOP-HTTP-Method is same as the HTTP method of this API message.
Verify that the value of the HTTP header parameter FSPIOP-Source is the same as the corresponding value listed in this JWS Protected Header.
Verify that the values for the HTTP header parameter FSPIOP-Destination are the same as the corresponding values stated in this JWS Protected Header.
Verify the other protected HTTP header parameters. In this case, the Date parameter is protected by JWS Protected Header. If the parameters Date in the HTTP header of this API message and Date in the JWS Protected Header are equal, then the validation is successful. Both Date parameters in the example should be the following value:
The validation is passed.
Verify JWS Signature
In this case, the JWS Payload is the full HTTP body of the API message, that is (line breaks and indentation within values for display purposes only):
Compute the encoded payload value BASE64URL(JWS Payload). Get the encoded value as:
Validate the JWS Signature against the JWS Signing Input (that is, the JWS Protected Header, JWS Payload) with the specified algorithm RS256 (specified in the JWS Protected Header), and the public key. Record whether the validation succeeded or not.
References
1 https://tools.ietf.org/html/rfc7515#section-1.1 – JSON Web Signature (JWS) - Notational Conventions
2 https://tools.ietf.org/html/rfc7515 - JSON Web Signature (JWS)
3 https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-header-parameters - JSON Web Signature and Encryption Header Parameters
4 https://tools.ietf.org/html/rfc7159 - The JavaScript Object Notation (JSON) Data Interchange Format
5 https://tools.ietf.org/html/rfc7517 - JSON Web Key (JWK)
Last updated
Was this helpful?