Authentication
Verifi Order Insight includes the Authorization and x-verifi-issuer
headers with every request. The x-verifi-issuer
header contains the issuer ID that is assigned by Verifi, whereas the Authorization header contains the word Bearer that is followed by a space and an encoded JSON Web Token (JWT).
The JWT header and payload are signed with the symmetric-key based HMAC SHA256 algorithm, using the secret obtained from Verifi. Because the standard Pega JWT feature uses an asymmetric key-based HMAC signature instead of a symmetric key-based signature, the GenerateJWT custom function was created. The function takes the header, payload, and secret as input parameters. The JWT header and payload should be signed with the symmetric key-based HMAC SHA256 algorithm, using the secret obtained from Verifi.
The CreateInsightRequest data transform and InvokeSetInsightOutcome activity reference the GenerateJWT data transform before the invocation of the respective services. The request configuration and signature generation settings are obtained from the D_VerifiOIConfigurationDetails data page and are passed along with the required Authorization element in the header of every service request.
For more information about how to configure Verifi Order Insight authentication settings, see the Pega Smart Dispute for Issuers Implementation Guide that is available on the Pega Smart Dispute for Issuers product page.
Example
The following table details an example of a complete authorization header that is generated by the GenerateJWT function.
JWT Payload | {"iss":"20111","iat":1456267477,"jti":"2a6f0ce9-ae1d-43cf-a9af-db90b8ab0a5e","exp":1456267777} |
---|---|
Signed and encoded using a secret of mysecret | "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8" |
Complete HTTP header | Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8 |
Previous topic Simulation mode Next topic Exception handling