Request signing

{method}
{pathname}
{timestamp}
{rawBody}
{nonce}

import { createHash, randomBytes } from 'node:crypto';
import { secp256k1 } from '@noble/curves/secp256k1';

function signWaasRequest({ method, pathname, body = '', accessPrivateKeyHex }) {
  const timestamp = new Date().toISOString();
  const nonce = randomBytes(16).toString('hex');
  const publicKey = Buffer.from(secp256k1.getPublicKey(accessPrivateKeyHex, false)).toString('hex');
  const signaturePayload = `${method}\n${pathname}\n${timestamp}\n${body}\n${nonce}`;
  const payloadHash = createHash('sha256').update(signaturePayload).digest('hex');
  const signature = secp256k1.sign(payloadHash, accessPrivateKeyHex).toDERHex();
  return {
    'oauth-publickey': publicKey,
    'oauth-signature': signature,
    'oauth-timestamp': timestamp,
    'oauth-nonce': nonce,
  };
}

const pathname = '/v1/waas/wallet/balances';
const res = await fetch(`https://cloud.handcash.io${pathname}`, {
  method: 'GET',
  headers: {
    'app-id': process.env.HANDCASH_APP_ID,
    'app-secret': process.env.HANDCASH_APP_SECRET,
    ...signWaasRequest({
      method: 'GET',
      pathname,
      accessPrivateKeyHex: process.env.USER_ACCESS_PRIVATE_KEY,
    }),
  },
});