Signature Verification

BPP/BAP verifies BG signature The BPP/BAP performs the following steps to authenticate the BAP/BPP and the BG and also ensure message integrity. Get keyId from the Proxy-Authorization header Split the keyID string using the delimiter

Gateway Signing

The BG will send its signature in the Proxy-Authorization header in the exact same format as shown below. Proxy-Authorization:Signature keyId="{subscriber_id}|{unique_key_id}|{algorithm}" algorithm="xed25519" created="1606970629" expires="1607030629" headers="(created) (expires) digest" signature="Base64(BLAKE-512(signing string))"