HTTP signature verification
12.6.2.3. HTTP request signature verification for NextGenPSD2

This document describes how to use the plugin "HTTP Signature Verification Credential Extractor" (within the Loginapp's one-shot featureĀ 17.6. HTTP request authentication (Airlock One-Shot flow)) in order to provide NextGenPSD2 compliant HTTP signature verification.

The described plugin provides the ability to check HTTP signatures according to the internet draft Signing HTTP Messages as required in NextGenPSD2.

This documentation gives examples and lists the HTTP headers that need to be verified as specified in the NextGenPSD2 v1.3 specification.

The documentation may be used as example but does not guarantee that the legal PSD2 requirements are met. Please ensure the correct configuration by examining the latest PSD2 specifications.