Sample client code

These samples are for demonstration purposes only. BDM and the Australian Death Check are not liable in its use and these samples are only informative to developers in building requests to the Australian Death Check.

Note: We are willing to accept other samples from external parties if you wish to openly share.

Postman

Using the Pre-request script to generate calculated headers for a health check call:

const crypto = require('crypto-js');

const userId = 'testclient1';
const apiKey = 'testclient1password';
const remoteUserId = 'testremote';
const date = new Date().toISOString().split('.')[0]+"Z"; // removes the milliseconds
const formBody = pm.request.body;
const signatureRaw = userId + ':' + remoteUserId + ':' + date + ':' + formBody;
const signatureHashed = crypto.enc.Base64.stringify(crypto.HmacSHA256(signatureRaw, apiKey));

pm.request.headers.add({key: 'X-Authorization', value: signatureHashed})
pm.request.headers.add({key: 'X-Date', value: date})
pm.request.headers.add({key: 'X-UserID', value: userId})
pm.request.headers.add({key: 'X-RemoteUserID', value: remoteUserId})

Java sample

// From a constants class
------
public static final String DATE_HEADER = "X-Date";
public static final String AUTHORIZATION_HEADER = "X-Authorization";
public static final String USER_ID_HEADER = "X-UserID";
public static final String REMOTE_USER_ID_HEADER = "X-RemoteUserID";
public static final String ISO_DATETIME_FMT = "yyyy-MM-dd'T'HH:mm:ssZ";
public static final Charset UTF8 = Charset.forName("UTF8");
------

public class RequestSigner {
    public static final String MAC_FUNCTION = "HmacSHA256";
    
    private RequestSigner() {
    }
    
    public static String sign(String request, String date, String userId, String remoteUserId, Mac mac) throws UnsupportedEncodingException {
        String full = String.format("%s:%s:%s:%s", userId, remoteUserId, date, request);
        byte[] hashed = mac.doFinal(full.getBytes(Constants.UTF8));
        mac.reset();
        String encodeToString = new Base64().encodeToString(hashed);
        Arrays.fill(hashed, (byte)0);
        return encodeToString;
    }

    public static Mac createMac(byte[] secret) throws GeneralSecurityException, IOException {
        Mac mac = Mac.getInstance(MAC_FUNCTION);
        SecretKeySpec secretKey = new SecretKeySpec(secret, MAC_FUNCTION);
        mac.init(secretKey);
        Arrays.fill(secret, (byte)0);
        return mac;
    }
} 

-----
// Use case to create headers before sending the request
private Map<String, List<String>> generateHeaders(Mac mac, String request, String userId, String remoteUserId) throws UnsupportedEncodingException {
    try {
        Map<String, List<String>> headers = new HashMap<>();
        headers.put(Constants.USER_ID_HEADER, asList(userId));
        headers.put(Constants.REMOTE_USER_ID_HEADER, asList(remoteUserId));
        
        String date = new DateTime().toString(Constants.ISO_DATETIME_FMT);
        headers.put(Constants.DATE_HEADER, asList(date));
        String auth = RequestSigner.sign(request, date, userId, remoteUserId, mac);
        headers.put(Constants.AUTHORIZATION_HEADER, asList(auth));
        return headers;
    } catch (Exception e) {
        throw new IllegalStateException(e.getMessage(), e);
    }
}

NodeJS (Express app)

const crypto = require('crypto');
const axios = require('axios');
const moment = require('moment');
const express = require('express')
const cors = require('cors')
const { v4: uuidv4 } = require('uuid');

const app = express()
const port = 3000
app.use(express.json()) 
app.use(cors())

// place somewhere secure
const secret = 'testclient1password';
const endpoint = 'https://testdms.services.bdm.qld.gov.au/ws/api/search/match';
const userId = 'testclient1';

app.post('/verify', (req, res) => {  
  const remoteUserId = 'adc demo';
  const date = moment().format();  
  const dateofbirth = moment(req.body.dateofbirth, 'YYYY-MM-DD').format('DD/MM/YYYY');
  const requestId = uuidv4();
  console.log('Sending %s', requestId);
  const payload = {
    'requestId': requestId,
    'datasource': 'FOD',
    'dataset': 'ADCPARTNAMEEXACTDOB',
    'remoteUser': remoteUserId,
    'prehashed': false,
    'fields': [
      { 'name': 'DB', 'value': dateofbirth },
      { 'name': 'SN', 'value': req.body.surname },
      { 'name': 'GN', 'value': req.body.givennames }
    ]
  }

  const formBody = JSON.stringify(payload);
  this.signature = userId + ':' + remoteUserId + ':' + date + ':' + formBody;      
  const hmac = crypto.createHmac('sha256', secret);
  hmac.write(this.signature);
  hmac.end();
  this.signatureHashed = hmac.read().toString('base64');
  
  axios({
    url: endpoint,
    method: 'post',
    data: payload,
    headers: {
      'X-Date': date,
      'X-UserID': userId,
      'X-RemoteUserID': remoteUserId,
      'X-Authorization': this.signatureHashed
    }
  }).then((result) => {
    res.send(result.data);
  }).catch((error) => {
    console.log(error);
    res.send(error);
  })
})

app.listen(port);