即使我的签名例程能够从他们的测试页面生成正确的签名,我也无法对 Cybersource api 和 apitest 环境进行经过身份验证的调用。
我尝试了不同的标题组合、大写和小写以及日期与 vc-date 字段名称。
我从以下标头组件构造了签名。
'VB, Signature Construction
Dim pHost As String = "host: apitest.cybersource.com"
Dim pMerc As String = "v-c-merchant-id: testmid"
Dim pDate As String = "v-c-date: " & Now.ToUniversalTime.ToString("r")
Dim pReq As String = "(request-target): get /reporting/v3/report-downloads?organizationId=testmid&reportDate=2018-10-27&reportName=Demo_Report"
Dim pHeader As String = pHost & Chr(10) & pDate & Chr(10) & pReq & Chr(10) & pMerc
Dim kID As String = "{secret key}"
Dim mSig As String = GenerateSignatureFromParams(pHeader, kID)
Dim pSig As String = "signature: keyid=""{key id}"", algorithm=""HmacSHA256"", headers=""host v-c-date (request-target) v-c-merchant-id"", signature=""" & mSig & """"
将主机、vc-merchant-id、vc-date 和签名添加到 GET 的请求标头时,我收到 (401) Unauthorized 响应。