If you are looking to get started with Postman, please see this guide.
For a detailed guide, please read our eIDAS documentation on our developer portal.
First, you need to download the latest collection that now includes the eIDAS digest calculations in the Pre-request scripts.
For background on how the string to be signed is built, see "How can I create a normalised string for signing with eIDAS?".
Import the collection into Postman. You can verify that eIDAS is included by right-clicking the collection name and choosing Edit:
You can verify the changes at the end of the Pre-request Scripts tab:
For the following parts to work, you need to set a parameter called eidasPrivateKey with the eidas value that we have in the test certificate:
eidasPrivateKey value
Next, you can start the OAuth flow normally (e.g., for Finland) and proceed to the Exchange token phase.
You can test this by initiating a payment. For example, if you remove the Signature or the Digest header, the calls will no longer go through and you will get the following error:
Alternatively, you can still bypass Signature validation for Sandbox by using the following Header and Value, as in the example below.
Please note that this value can't be put in the environment values unlike the previous ones.
Signature: SKIP_SIGNATURE_VALIDATION_FOR_SANDBOX
Common error messages related to eIDAS issues:
- There was an error in evaluating the Pre-request Script: TypeError: Cannot read property 'includes' of undefined
- signature.invalid
We have also created a short Java example for you to use:
import com.google.common.base.Splitter;
import com.google.common.io.BaseEncoding;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;

import static java.util.stream.Collectors.joining;

public class Main {

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String originalString = "redirect_uri=https://ouath.oauth&code=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%3D&grant_type=authorization_code";

        // SHA-256 over the normalised form data, Base64-encoded for the Digest header
        MessageDigest messageDigest = getMessageDigest("SHA-256");
        messageDigest.update(getFormDataDigest(originalString));
        String encodedText = BaseEncoding.base64().encode(messageDigest.digest());
        System.out.println(encodedText);
    }

    // Normalise the form data: sort the key=value pairs by key and join them with '&'
    private static byte[] getFormDataDigest(String formData) {
        Map<String, String> formDataMap = Splitter.on('&').trimResults().withKeyValueSeparator('=').split(formData);
        return new TreeMap<>(formDataMap).entrySet().stream()
                .map(entry -> entry.getKey() + "=" + entry.getValue())
                .collect(joining("&"))
                // Explicit charset so the digest does not depend on the platform default
                .getBytes(StandardCharsets.UTF_8);
    }

    private static MessageDigest getMessageDigest(String algorithm) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm);
    }
}
Here is another example with some redacted fields:
POST /personal/v5/authorize/token HTTP/1.1
Host: api.nordeaopenbanking.com
Content-Type: application/x-www-form-urlencoded
X-IBM-Client-ID: redacted
X-IBM-Client-Secret: redacted
X-Nordea-Originating-Date: Tue, 17 Sep 2019 10:08:40 GMT
X-Nordea-Originating-Host: api.nordea.com
Signature: keyId="4d1b0768-b6a7-410d-ac28-redacted",algorithm="rsa-sha256",headers="(request-target) x-nordea-originating-host x-nordea-originating-date content-type digest",signature="LzOU3Ud9ZizKq+o4R6ZDozzaPdHLwUFbOr18uwmJ5P+3C/x4MmhwgxrX5rmUS2DK/HF0FyWofMjrF3f/yDm+GVRkUt1SmFQSXuK1sSfA11MZ64fjFvEb+mIEvFkISKXbIkw45WrHhZaweNEVsBrsUPW0elGCYsi9p3XxK4b33Id29p0VelernK6M9oHsDk7lV75MzSIHRI/AOYqGYTEmz3PvBlUhGcDkdCv5j8dV6/28O0rZNqLvYtiRuV2SecpzcugiMpfDcxUoL88Q7F5yHqgAyOMkT1T+WoGkssKA0gj1kBAawDDs8yMGarKQuRPCO2Htredacted=="
Digest: sha-256=8c6HF9iU7sAZwyYL9azBOE0YWnvYvlWJredacted=
User-Agent: PostmanRuntime/7.15.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 1b2e78bb-3635-461d-redacted-4da169c07f0b,30d71a2d-redacted-4cc2-85c0-6f0c7ecc1d13
accept-encoding: gzip, deflate
content-length: 1034
Connection: keep-alive
cache-control: no-cache

grant_type=authorization_code&redirect_uri=https%3A%2F%2Fouath.oauth&code=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%253D%253D
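
The following Node.js sketch shows how the Digest and Signature headers in the request above fit together, and why a request with a missing or altered Digest fails validation. It is an added example, not code from the Postman collection or from Nordea. It assumes the signing string follows the draft-cavage HTTP Signatures layout (one lowercase "name: value" line per header listed in headers="..."), and it uses a locally generated RSA key; SAMPLE_CODE and sample-key-id are placeholders.

```javascript
// Added example, not Nordea's collection code. Assumes a draft-cavage style
// signing string and a throwaway RSA key in place of the eIDAS test key.
const crypto = require('crypto');

const SIGNED = ['(request-target)', 'x-nordea-originating-host',
  'x-nordea-originating-date', 'content-type', 'digest'];

// Digest as in the Java example: sort form fields by key, join, SHA-256, base64.
function formDigest(body) {
  const key = (pair) => pair.split('=')[0];
  const sorted = body.split('&').map((p) => p.trim())
    .sort((a, b) => (key(a) < key(b) ? -1 : key(a) > key(b) ? 1 : 0)).join('&');
  return 'sha-256=' + crypto.createHash('sha256').update(sorted, 'utf8').digest('base64');
}

// One "name: value" line per signed header, in the order listed in headers="...".
function signingString(method, path, headers) {
  return SIGNED.map((name) => {
    if (name === '(request-target)') return `${name}: ${method.toLowerCase()} ${path}`;
    if (!(name in headers)) throw new Error(`missing signed header: ${name}`);
    return `${name}: ${headers[name]}`;
  }).join('\n');
}

function signatureHeader(keyId, privateKey, method, path, headers) {
  const data = Buffer.from(signingString(method, path, headers), 'utf8');
  const sig = crypto.sign('sha256', data, privateKey).toString('base64'); // RSA PKCS#1 v1.5
  return `keyId="${keyId}",algorithm="rsa-sha256",headers="${SIGNED.join(' ')}",signature="${sig}"`;
}

// Receiver side: rebuild the signing string from the request and check the signature.
function verifySignature(header, publicKey, method, path, headers) {
  const sig = Buffer.from(/signature="([^"]+)"/.exec(header)[1], 'base64');
  const data = Buffer.from(signingString(method, path, headers), 'utf8');
  return crypto.verify('sha256', data, publicKey, sig);
}

// Constructed sample request (SAMPLE_CODE and sample-key-id are placeholders).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PATH = '/personal/v5/authorize/token';
const body = 'grant_type=authorization_code&redirect_uri=https%3A%2F%2Fouath.oauth&code=SAMPLE_CODE';
const headers = {
  'x-nordea-originating-host': 'api.nordea.com',
  'x-nordea-originating-date': 'Tue, 17 Sep 2019 10:08:40 GMT',
  'content-type': 'application/x-www-form-urlencoded',
  digest: formDigest(body),
};
const header = signatureHeader('sample-key-id', privateKey, 'POST', PATH, headers);
console.log(header, verifySignature(header, publicKey, 'POST', PATH, headers));
```

Because the digest line is part of the signed string, changing the body after signing changes the Digest and invalidates the Signature.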