After having read through the security page and the various posts in the dev forum, I am nowhere close to what I need to get a properly authenticated request/response.
My understanding of the Authorisation setup is that:
1. requires keyID in the header.
2. requires a header field called signature containing the secret and the base64-encoded SHA1 hash of the key.
I know I am missing something, but I needed an answer which is implementation-language agnostic, as we are not using any generic language but a different application to call the API.
Easiest way would be if I could get this working from SOAP UI, that will give me an idea on its implementation in my application.
I suggest you download the Postman collection from the developers portal.
Once you have that working (it should just work "out-of-the-box"), you can use the Code (Generate Code Snippet) option; it has generated code for several languages, over 20 in all. That should help you.
The main confusion I have is that it requires an Authorization header field containing a full set of details, which is Signature (keyword), keyID="client key", algorithm, headers, signature="base64encode of client secret". Should this all be under one header called Authorization?
Got my GET operations working (just needed to translate the sample code into the language we are using). Not a lot of luck with POST, even after adding content-length and the actual content in Signature. I will update here once I get my POST working!!!
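Added example, not part of the thread and not the API provider's code: the thread never names the scheme, so this assumes the draft-cavage HTTP Signatures layout with HMAC-SHA1, in which everything goes into one Authorization header and the client secret is only the HMAC key. The key id, secret, host, path, date and the choice of signed headers (including a SHA-256 Digest to cover the POST body) are constructed for illustration.

```python
import base64
import hashlib
import hmac


def signing_string(method, path, headers, signed):
    """Join the signed headers, in order, as 'name: value' lines."""
    lines = []
    for name in signed:
        if name == "(request-target)":
            # Pseudo-header: lowercase method plus the request path.
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name]}")
    return "\n".join(lines)


def authorization_header(key_id, secret, method, path, headers, signed):
    """Build the single Authorization header value (assumed layout)."""
    text = signing_string(method, path, headers, signed)
    # The secret keys the HMAC; it is never placed in the header itself.
    mac = hmac.new(secret.encode(), text.encode(), hashlib.sha1).digest()
    signature = base64.b64encode(mac).decode()
    names = " ".join(signed)
    return (f'Signature keyId="{key_id}",algorithm="hmac-sha1",'
            f'headers="{names}",signature="{signature}"')


def post_headers(key_id, secret, path, host, date, body):
    """Headers for a POST; the body is bound via Digest and Content-Length."""
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    headers = {
        "host": host,
        "date": date,
        "content-length": str(len(body)),
        "digest": f"SHA-256={digest}",
    }
    signed = ["(request-target)", "host", "date", "content-length", "digest"]
    headers["authorization"] = authorization_header(
        key_id, secret, "POST", path, headers, signed)
    return headers


if __name__ == "__main__":
    # Constructed sample values, not taken from any real API.
    sample = post_headers("example-key-id", "example-secret", "/v1/orders",
                          "api.example.com", "Tue, 07 Jun 2022 20:51:35 GMT",
                          b'{"item":"demo"}')
    for name, value in sample.items():
        print(f"{name}: {value}")
```

The header values sent on the wire must match the signed lines byte for byte, and the `headers` list must name them in the order they were signed, otherwise the server's recomputed signature will differ.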