Layer7 API Management

Hi All, I am trying to use  (Non-SOAP) XML Element Signature Properties  assertion to sign following xml:

<authSig>

POST&https%3A%2F%2Fsandbox.api.mastercard.com%2FbillpayAPI%2Fv1%2FisRoutingValid&oauth_body_hash%3DWhqqH%2BTU95VgZMItpdq78BWb4cE%3D%26oauth_consumer_key%3DCO-0tm0VZClxhIWtKOE3rM8EvZjKe2KobsuQzX0a2d539cfb%214551503962614c766c526d384c6b64707172415871773d3d%26oauth_nonce%3Dcc02cc44-50f7-4500-a526-907b1fe5f217%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1439926401%26oauth_version%3D1.0

</authSig>

This assertion is always failing because there is an & in the /authSig parameter value. Thought this assertion works fine if I replace the & to &amp;

I don't want to change anything in authSig , is there any way I can sign it without replacing the &????

Thanks in advance.

Good afternoon,

The XML payload you have provided is not valid and the XML parsers I tried to use can not validate it properly. You will either need to base64 the value or place CDATA tags to avoid XML parsers from trying to act against the data directly.

Sample:

<authSig>

<![CDATA[POST&https%3A%2F%2Fsandbox.api.mastercard.com%2FbillpayAPI%2Fv1%2FisRoutingValid&oauth_body_hash%3DWhqqH%2BTU95VgZMItpdq78BWb4cE%3D%26oauth_consumer_key%3DCO-0tm0VZClxhIWtKOE3rM8EvZjKe2KobsuQzX0a2d539cfb%214551503962614c766c526d384c6b64707172415871773d3d%26oauth_nonce%3Dcc02cc44-50f7-4500-a526-907b1fe5f217%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1439926401%26oauth_version%3D1.0]]>

</authSig>

Sincerely,

Stephen Hughes

Director, CA Support