GoCardlessClient.Signing (GoCardlessClient v2.0.0)

GoCardlessClient API request signing for Outbound Payments.

GoCardlessClient requires ECDSA P-256 (ES256) request signatures for outbound payment endpoints. The signature covers the request target, date, nonce, body digest, and content-type headers.

Setup

# Load your private key (PEM format)
pem = File.read!("private_key.pem")
{:ok, signer} = GoCardlessClient.Signing.new(key_id: "your-key-id", pem: pem)

Usage with the HTTP client

{:ok, payment} = GoCardlessClient.Resources.OutboundPayments.create(client, params,
  signer: signer,
  idempotency_key: GoCardlessClient.new_idempotency_key()
)

Summary

Types

algorithm()

t()

Functions

new(opts)

Creates a new Signing struct from a PEM-encoded private key.

new!(opts)

Like new/1 but raises on error.

sign_headers(signer, method, path, body)

Generates the signing headers for an outgoing request.

Types

algorithm()

@type algorithm() :: :ecdsa | :rsa

t()

@type t() :: %GoCardlessClient.Signing{
  algorithm: algorithm(),
  key_id: String.t(),
  private_key: term()
}

Functions

new(opts)

@spec new(keyword()) :: {:ok, t()} | {:error, String.t()}

Creates a new Signing struct from a PEM-encoded private key.

Options

:key_id (required) — the key ID registered in your GoCardlessClient dashboard
:pem (required) — PEM-encoded private key binary
:algorithm — :ecdsa (default) or :rsa

new!(opts)

@spec new!(keyword()) :: t()

Like new/1 but raises on error.

sign_headers(signer, method, path, body)

@spec sign_headers(t(), String.t(), String.t(), binary()) ::
  {:ok, [{String.t(), String.t()}]} | {:error, String.t()}

Generates the signing headers for an outgoing request.

Returns {:ok, headers} where headers is a list of {name, value} tuples to merge into the request headers:

"Date" — RFC 2822 formatted UTC timestamp
"Nonce" — 32-char hex random nonce
"Digest" — SHA-256=<hex> of the request body
"Signature" — the full signature header string