Upgrading Signatures v6 to v15

In this section we introduce you to the features of Signatures v15 and what you need to consider when upgrading from v6 to this version.

v15 changes

Signing version header

To be able to make requests with v15 of the signing, you must add a special version header.


upvest-signature-version: 15

HTTP request body digest and content-digest

In v15 of signing, the component digest has been deprecated and replaced by the component content-digest.

Follow these steps to calculate content-digest:

  1. Capture the entire byte stream of the request body.

  2. Calculate the SHA-512 hash of the body content.

  3. Encode the resulting value using Base64 encoding.

  4. Add a request header named content-digest with the following value: sha-512=:{digest value}:, where {digest value} is replaced by the result of the previous step. Please note that {digest value} is enclosed in colons (:).


Request bodyContent lengthcontent-digest header value
{"hello": "world"}18"sha-512=:WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==:
{"key": "value"}16sha-512=:Hd9/AvGZkbjitW1+Ml8Fg1ux1mtcDYe6mLQjDyoowIWa3LM/PmwN2v9O+MjtQGrCA3EQWUL54dlgxKHyYbrucw==:

Calculating the signature components

In V15 of signing, signature components keys should be quoted in the signature base string:

Example for V15

"@method": POST
"@path": /endpoint
"@query": ?a=b
"accept": application/json
"authorization": Bearer access-token
"content-length": 16
"content-type": application/json
"content-digest": sha-512=:Hd9/AvGZkbjitW1+Ml8Fg1ux1mtcDYe6mLQjDyoowIWa3LM/PmwN2v9O+MjtQGrCA3EQWUL54dlgxKHyYbrucw==:
"idempotency-key": 2133825797664cad
"upvest-client-id": 5ec16164-6173-461d-b90d-116d68f55b40

Next steps

In the tutorial 'Implementing HTTP signatures v15' you can find the detailed description.