Any Resource that requires a role must have a header property of the following format:
Authorization: :
The signed request hash is comprised of the session token + : + the relative url + , + the Http method + , + Date + , + nonce This string is then Sha-256 encoded and then Base64 encoded
An example:
Example: 9fbc6f9a-af1b-4767-a492-c8462fd2a4d9:user/2e2ce9e8-798e-42b6-9326-fd2e56aef7aa/cards,POST,2012-06-30T12:00:00+01:00,34e321a7c4
This will be SHA-256 hashed and then Base64 encoded to produce:
HR/3DJp8RCGo50Wu+/3cr7ibdoNXKg1eYMt3HO5QoP4=
Authorization: 2e2ce9e8-798e-42b6-9326-fd2e56aef7aa:HR/3DJp8RCGo50Wu+/3cr7ibdoNXKg1eYMt3HO5QoP4=
@author : Iain Porter