The signature is used by BCA to verify that your request has not been altered by attackers.
const crypto = require('crypto');
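/**
 * Computes the hex-encoded HMAC-SHA256 of a string.
 *
 * @param {string|Buffer} key - Secret key for the HMAC (the script passes the BCA API secret).
 * @param {string} str - Message to authenticate (the script passes StringToSign).
 * @returns {string} Hex digest of the HMAC.
 */
function signHmacSha256(key, str) {
  // No intermediate bindings: the earlier version assigned to undeclared names
  // (`data`, `gen_hmac`), which creates globals in sloppy mode and throws a
  // ReferenceError in strict mode or an ES module.
  return crypto.createHmac('sha256', key).update(str, 'utf8').digest('hex');
}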
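// Timestamp that is folded into the signature. The request has to carry this exact
// value in its X-BCA-Timestamp header, otherwise the signature recomputed by the
// server will not match.
const day = new Date().toISOString();
const _method = 'GET';
// For a GET request (with no RequestBody), you still need to calculate SHA-256 of an empty string.
// Leave dataBody as null in that case: hashing JSON.stringify({}) would sign the
// two-character body "{}" rather than an empty string. For a request that has a
// body, set dataBody to the JSON payload object.
const dataBody = null;
// NOTE(review): the regex removes every whitespace character, including whitespace
// inside string values - confirm against BCA's canonicalization rules. The body
// actually sent must hash to the same value that is signed here.
const canonicalBody = dataBody === null ? '' : JSON.stringify(dataBody).replace(/\s/g, '');
const sha256Hash = crypto.createHash('sha256').update(canonicalBody, 'utf8').digest('hex');
//from OAUTH CREDENTIALS
// Sample value. A real API secret belongs in an environment variable or secret
// store, not in a source file that gets committed or shared.
const x_bca_secret = '8396cf1c-88af-4211-be9b-c4ea5198f27f';
const corporate_id = 'BCAAPI2016';
const account_number = '0201245680';
const start_date = '2016-09-01';
const end_date = '2016-09-01';
//for Account Statement endpoint
// The signed path has to match the requested URL character for character, query
// string included. NOTE(review): EndDate comes before StartDate here, presumably
// because query parameters are expected in lexicographic order - confirm.
const _relative_path = `/banking/v3/corporates/${corporate_id}/accounts/${account_number}/statements?EndDate=${end_date}&StartDate=${start_date}`;
//for Balance Information endpoint
//const _relative_path=`/banking/v3/corporates/${corporate_id}/accounts/${account_number}`;
//from generate access token
// Sample value. Access tokens are bearer credentials; keep real ones out of source.
const _access_token = '2vaMp6wDLqDuP684YBy2d5TiBMHq1mB6KwUFdLYxmYik8JTaQiPAgk';
// StringToSign = HTTPMethod:RelativeUrl:AccessToken:Lowercase(hex SHA-256 of body):Timestamp
// It embeds the access token, so it should not be written to logs.
const StringToSign = `${_method}:${_relative_path}:${_access_token}:${sha256Hash.toLowerCase()}:${day}`;
const signature = signHmacSha256(x_bca_secret, StringToSign);
console.log('X-BCA-Signature :', signature);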