AFAIK according the draft HTTP request signing rfc [1] defines explicit instructions for normalising, serialising and signing HTTP headers (not body). However, you can use an HTTP Digest header for example, that is a hash of the plaintext body to authenticate the body