Checksum Calculation

To further prevent a third-party from attempting to intercept and reuse the JWT token for a different request, include the checksum field in the token. The following table outlines the fields used to calculate the value.

Request

Information Used to Generate Checksum

HTTP-Method

The HTTP method of the request (in uppercase characters)

  • GET

  • POST

  • PUT

Raw-URL

The path and query string of the request (in lowercase characters)

  • Example 1:

    URL of the Automation API:

    https://<Control_Manager_Server>/WebApp/API/AgentResource/ProductAgents?HostName=TestAgent

    Raw-URL:

    /webapp/API/agentresource/productagents?hostname=testagent

  • Example 2:

    URL of the Automation API:

    https://<Control_Manager_Server>/WebApp/API/AgentResource/ProductAgents

    Raw-URL:

    /webapp/API/agentresource/productagents

Important:

In the event of an empty query string, do not include the "?" character.

Canonical-Request-Headers

The list of all request headers that start with "API"

  • Sort alphabetically and convert each header into the following format:

    LowerCase(Header Name) + ":" + Trim(Header Value)

  • Join headers using the "&" separator

Note:

If there are no headers that start with API, leave the Canonical-Request-Headers value as an empty string.

Request-Body

The body of the request in the format of a UTF-8-encoded JSON string

For the calculated SHA-256 checksum of HTTP-Method + "|" + Raw-URL + "|" + Canonical-Request-Headers + "|" + Request-Body, the checksum field is the base64 string representation of the calculated SHA-256 checksum byte array.