Spreedly uses the xmldsig library to perform the signing.
To properly sign an xml request, enclose the entire xml request to be signed in xml_dsig
template tags.
Do not modify the <wsse:Security>
node. It must be formatted as given. This binary security token node will be generated on the server along with the timestamp.
Changes to the wsu:Id
attribute of any node will cause signature failures.
The institutionName, the appID or the body content may be modified without causing signature failures. Content means the text between the xml tags.
curl https://core.spreedly.com/v1/receivers/<Receiver Token>/deliver.xml \
-u 'Your credentials here' \
-H 'Content-Type:application/xml' \
-d '<delivery>
<url>https://ws.mastercard.com/mtf/MRS/DiagnosticService</url>
<headers><![CDATA[Content-Type: text/xml;charset=utf-8]]></headers>
<body><![CDATA[{{#xml_dsig}}<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns1="http://diagnostic.ws.mcrewards.mastercard.com/"
xmlns:ns2="http://common.ws.mcrewards.mastercard.com/">
<soapenv:Header>
<com:identity xmlns:com="http://common.ws.mcrewards.mastercard.com/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="pfxe07c3068-8f69-e115-2c9c-6c5f4df49fdd">
<com:appID>0</com:appID>
<com:institutionName>loyaltyangels</com:institutionName>
</com:identity>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<ds:Reference URI="#pfxb65d8fe8-185a-4edc-6589-3a08270deca3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue/>
</ds:Reference>
<ds:Reference URI="#pfxbafb5d83-3a99-50af-d6b9-ceb1b8e64b5c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue/>
</ds:Reference>
<ds:Reference URI="#pfxe07c3068-8f69-e115-2c9c-6c5f4df49fdd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue/>
</ds:Reference>
<ds:Reference URI="#pfx1819ec29-f57f-d26e-e323-f5734617170e">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
URI="#pfxb65d8fe8-185a-4edc-6589-3a08270deca3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
wsu:Id="pfxb65d8fe8-185a-4edc-6589-3a08270deca3"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
{{#binary_security_token}}{{/binary_security_token}}</wsse:BinarySecurityToken>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="pfxbafb5d83-3a99-50af-d6b9-ceb1b8e64b5c">
<wsu:Created>{{#utc_timestamp}}{{/utc_timestamp}}</wsu:Created>
<wsu:Expires>{{#utc_timestamp}}{{/utc_timestamp}}</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="pfx1819ec29-f57f-d26e-e323-f5734617170e">
<ns1:doEcho>{{ credit_card_number }}</ns1:doEcho>
</soapenv:Body>
</soapenv:Envelope>{{/xml_dsig}}]]></body>
<payment_method_token>9j3umvz8pXJSdCak58APhPm7i87</payment_method_token>
</delivery>'