Generating a Custom Action authorization code

I need to dynamically generate an authorization code in order to authenticate my Custom Action for submitting a card transaction. The code needs combine a set of fields (among them the current date) in an HMAC-SHA256 signature that is base64 encoded. Here are the specs for anyone interested: https://epayments-api.developer-ingenico.com/s2sapi/v1/en_US/json/authentication.html?paymentPlatform=ALL

I was looking at the documentation for something similar (https://help.mypurecloud.com/articles/how-to-use-the-user-defined-oauth-credential-type/), but this does not go far enough. Two questions remain:

1. How to encode with HMAC-SHA256?
2. How to include the current timestamp in the signature?

Any insight is much appreciated.

This is beyond the capabilities of data actions. You will need to develop a middleware service that the data action calls with the necessary data from PureCloud. Your middleware service can then build an appropriately formed request for the external service, make that request, process the response, and send a response for the data action.

Additionally, you can request new features and enhancements at https://purecloud.ideas.aha.io/ideas.

Thanks Tim, I was afraid this would be the answer. Unfortunately, along with all the other concerns (availability, performance, etc.) my middleware would be in scope for PCI-DSS compliance.
I'm still pursuing a more static authentication possibility with the bank, but we may also hit a dead end there.

Sven,

Tim's correct that SHA256 is not in the current data actions toolkit, so the best solution for the moment would be an intermediary service (some serverless function like an AWS Lambda would seem an ideal choice).

Out of curiosity, what payment processor are you connecting to?

This is for Ingenico. I have linked to their documentation in my first post.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.