Generating the JWS Signature


The signature for a request payload is generated using the RS256 JWS algorithm, which involves signing the JSON payload with the private key.

1. Generating API Keys

We use JSON Web Signature (JWS) to ensure the integrity of data exchanged between the merchant and our system. The Private Key is used to generate the JWS signature, while the Public Key is used for verification. The merchant must securely generate a 2048-bit Public-Private Key pair on their servers, store it in a cryptographic vault, and share the Public Key (in PEM format) with Juspay during onboarding. The Private Key must be securely stored in a cryptographic vault on the merchant's servers and should never be exposed to the client or any external parties.

The below command generates a private key file private-key.pem

The below command generates a public key file public-key.pem for the private key file generated via above command

2. Signing the Payload

Algorithm: RS256
Format: HEX; base 64 encoded

The signaturePayload must first be converted to a String and then signed with the Private Key stored on the merchant server. The resulting signature must be in Base 64 encoded format.
Refer: Code snippet to generate signature

Warning

The string that is signed (the JSON payload converted to a string) must be exactly the same as the string that is passed in the signature payload field.

On executing this code after replacing the private key, payload, and KID, a response containing the signature, payload, and protected data is generated. These elements make up the JSON of the process payload. A sample response from the code is attached.
Refer: Sample Output
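
The signing step and the warning above, shown as an added Node.js example; this is not Juspay's code snippet. It assumes the flattened JWS layout of RFC 7515 with base64url encoding, and the key pair, KID and payload fields are constructed sample values.

```javascript
// Added example, not Juspay's snippet. Key pair, KID and payload are constructed samples.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign the exact payload string with RS256 and return the three JWS parts.
function signPayload(payloadString, privateKeyPem, kid) {
  const protectedB64 = b64url(JSON.stringify({ alg: 'RS256', kid }));
  const payloadB64 = b64url(payloadString);
  // RFC 7515: the signing input is BASE64URL(header) + '.' + BASE64URL(payload).
  const signingInput = Buffer.from(`${protectedB64}.${payloadB64}`, 'ascii');
  // 'sha256' with an RSA key uses RSASSA-PKCS1-v1_5, which is RS256.
  const signature = crypto.sign('sha256', signingInput, privateKeyPem);
  return { protected: protectedB64, payload: payloadB64, signature: b64url(signature) };
}

// Verify with the public key, rejecting any algorithm other than RS256.
function verifyJws(jws, publicKeyPem) {
  const header = JSON.parse(Buffer.from(jws.protected, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') return false;
  const signingInput = Buffer.from(`${jws.protected}.${jws.payload}`, 'ascii');
  return crypto.verify('sha256', signingInput, publicKeyPem,
    Buffer.from(jws.signature, 'base64url'));
}

function demo() {
  // In-memory key for the demo only; a real private key stays in the vault.
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  // Serialize once and reuse this exact string for signing and sending.
  const payloadString = JSON.stringify({ order_id: 'sample-order-1', amount: '1.00' });
  const jws = signPayload(payloadString, privateKey, 'sample-kid');
  // Same JSON data, re-serialized with whitespace: the bytes differ.
  const reserialized = JSON.stringify(JSON.parse(payloadString), null, 1);
  const mismatched = { ...jws, payload: b64url(reserialized) };
  return {
    jws,
    validAsSigned: verifyJws(jws, publicKey),
    validAfterReserialize: verifyJws(mismatched, publicKey),
  };
}

console.log(demo());
```

The second check fails because the signature covers bytes, not JSON semantics, so any re-serialization between signing and sending invalidates it.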

Note

The response returned by the JavaScript code is to be passed in the request while making the process call.

The response returned by the Java code contains a token. When the token is split on the period ('.') delimiter, the following components are returned.
