// Following the algorithm in https://apifriends.com/api-security/api-keys/
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var requestUrl = request.RequestUri.LocalPath; // Must match the url sent by the merchant (in MerchantClient.TrackAsync) or the hashes won't line up
var(token, timestamp, nonce) = HashingUtility.Create(this.publicKey, this.privateKey, requestUrl: requestUrl);
request.Headers.Add(ReqHubHeaders.ClientTokenHeader, token);
request.Headers.Add(ReqHubHeaders.ClientTimestampHeader, timestamp);
request.Headers.Add(ReqHubHeaders.ClientNonceHeader, nonce);
request.Headers.Add(ReqHubHeaders.ClientPublicKeyHeader, this.publicKey);
request.Headers.Add(ReqHubHeaders.ClientUrlHeader, requestUrl);
return(base.SendAsync(request, cancellationToken));
}
// Following the algorithm in https://apifriends.com/api-security/api-keys/
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
// Include the incoming client request url in the hash
var requestContent = await request.Content.ReadAsAsync <TrackRequestModel>();
var requestUrl = requestContent.RequestUrl;
var(token, timestamp, nonce) = HashingUtility.Create(this.publicKey, this.privateKey, requestUrl: requestUrl);
request.Headers.Add(ReqHubHeaders.MerchantTokenHeader, token);
request.Headers.Add(ReqHubHeaders.MerchantTimestampHeader, timestamp);
request.Headers.Add(ReqHubHeaders.MerchantNonceHeader, nonce);
request.Headers.Add(ReqHubHeaders.MerchantPublicKeyHeader, this.publicKey);
request.Headers.Add(ReqHubHeaders.MerchantUrlHeader, requestUrl);
// Client headers added in ReqHubMerchantMiddleware > MerchantClient.TrackAsync()
// The full trace is Middleware -> TrackAsync -> SendAsync -> this
return(await base.SendAsync(request, cancellationToken));
}