Checksum Calculation

To further prevent a third-party from attempting to intercept and reuse the JWT token for a different request, include the checksum field in the token. The following table outlines the fields used to calculate the value.

Request	Information Used to Generate Checksum
`HTTP-Method`	The HTTP method of the request (in uppercase characters) `GET` `POST` `PUT`
`Raw-URL`	The path and query string of the request (in lowercase characters) Example 1: URL of the Automation API: https://<Control_Manager_Server>/WebApp/API/AgentResource/ProductAgents?HostName=TestAgent Raw-URL: `/webapp/API/agentresource/productagents?hostname=testagent` Example 2: URL of the Automation API: https://<Control_Manager_Server>/WebApp/API/AgentResource/ProductAgents Raw-URL: `/webapp/API/agentresource/productagents` Important: In the event of an empty query string, do not include the "?" character.
`Canonical-Request-Headers`	The list of all request headers that start with "API" Sort alphabetically and convert each header into the following format: `LowerCase(Header Name) + ":" + Trim(Header Value)` Join headers using the "&" separator Note: If there are no headers that start with `API`, leave the `Canonical-Request-Headers` value as an empty string.
`Request-Body`	The body of the request in the format of a UTF-8-encoded JSON string

For the calculated SHA-256 checksum of HTTP-Method + "|" + Raw-URL + "|" + Canonical-Request-Headers + "|" + Request-Body, the checksum field is the base64 string representation of the calculated SHA-256 checksum byte array.