The MasterCom Claims manager uses the OAuth protocol (version 1.0a) for secure authorization with the Google Body Hash Extension by using RSA for private key signing and SHA-256 as the hashing algorithm.

The GetMCOMAuthHeader function generates the request authorization header and handles message signing. The authorization header is generated by the SetAuthHeader data transform as part of the MCOMClaimsMgrRequestPostProcessing request post-processing data transform.

The logic of the SetAuthHeader data transform is defined as follows:

• Get the JSON-formatted payload.
• Build the parameters required to call the GetMCOMAuthHeader function.
• Invoke the GetMCOMAuthHeader function.

The DeReferenceMCOMEndPoint activity dereferences the end point URL.

Sample authorization header

The following is a sample of an authorization header generated by the SetAuthHeader data transform:

Authorization: OAuth oauth_body_hash="5L%2F9PCnJnlKWZGh9sYPdOanyBJlp6t8VolyenPhW8sI%3D", 
oauth_consumer_key="your%20consumer%20key", oauth_nonce="s579vd4tdut3jdo2tajhqhbggh", 
oauth_signature="ellNVs2kTBxVYOFy3vh7x0d5JMIwpuVBWDs6m%2F%2BWC04EUpxC0GSlSCZSMd0Pm0Ko%2BYY0cjRs2z8JHZKMwDsfmDEFie4Z%2FQAa6f8AztcQ4FiKcHQkbnI5nGdQIvULzLGJQ3x8cgYzMXlVJ%2FUBxc4qfutWIRKXZXHSD4Xe2KQ%2F3wsWA1H24MBQBYUyeFWi0WeIR1QGWiOqf9DTBljSPD3Ee1V1dLJNbG8kECe%2FupXqg4RAE%2BXtZA%2BapAl%2ByP25knkzcnusHPy6sSU8vK7dKwDyX8mw3LBaTDqFkrUyVmH8YeT9eYmvolcGxmb7MTRYR4lXU7sPih3lVrXqWifRmIYXDQ%3D%3D", 
oauth_signature_method="RSA-SHA256", oauth_timestamp="1523360492", oauth_version="1.0"