PayFanout API reference
    Preparing search index...

    Interface V1HmacSigningInput

    Worldline Direct "v1HMAC" request authentication, built on WebCrypto so the server adapter runs on edge runtimes (no node:crypto, no Buffer).

    The signature covers a canonical string assembled from the request, each line terminated by \n, in this exact order:

    1. HTTP method (upper-case)
    2. Content-Type — the empty string when the request has no body (e.g. GET)
    3. the Date header value (RFC-1123 GMT)
    4. every signed x-gcs-* header, canonicalized as lowercased-key:value (value trimmed, internal whitespace collapsed to single spaces), sorted alphabetically by key, each terminated with \n
    5. the resource path (e.g. /v2/{merchantId}/payments)

    There is a trailing \n after the path. The digest is HMAC-SHA256 over the UTF-8 bytes, base64-encoded, and carried as Authorization: GCS v1HMAC:{apiKeyId}:{signature}.

    Worldline also accepts an X-GCS-Date signed header in place of the Date HTTP header (line 3 stays empty and x-gcs-date joins the canonical block) — useful on edge runtimes that forbid setting the Date request header. The documented Date-header form is implemented here as the default.

    interface V1HmacSigningInput {
        apiKeyId: string;
        contentType?: string;
        date: string;
        gcsHeaders?: Record<string, string>;
        method: string;
        path: string;
        secretApiKey: string;
    }
    Index
    apiKeyId: string
    contentType?: string

    Sent Content-Type; omit/empty when the request has no body.

    date: string

    The Date header value being sent (RFC-1123 GMT).

    gcsHeaders?: Record<string, string>

    Signed x-gcs-* headers (e.g. the idempotence key), keyed by header name.

    method: string

    Upper-case HTTP method.

    path: string

    Absolute resource path, e.g. /v2/{merchantId}/payments (no query string).

    secretApiKey: string