AFAIK according the draft HTTP request signing rfc [1] defines explicit instructions for normalising, serialising and signing HTTP headers (not body). However, you can use an HTTP Digest header for example, that is a hash of the plaintext body to authenticate the body
Just to add to this restaurant based allegory, Spotify is like an all you can eat buffet that tries to serve out lots of sodas so you get bloated and don’t eat the expensive stuff they have
Extracts the JSONSchema based on path+method+response type from OpenAPI and then converts that to typescript