Verify HMAC (Custom) Authentication using HMAC policy in Apigee Edge

We wanted to implement HMAC verify authentication in Apigee Edge for highly sensitive data using the HMAC policy that is available out of the box, and wanted to know if we can use it for all GET and POST/PUT operations?

E.g., to use [signature] = Base64(HMAC-SHA-256(SharedSecretKey, StringToSign))

StringToSign = HTTP-Verb + "\n" + Content-SHA256 + "\n" + Content-Type + "\n" + Timestamp + "\n" + RequestURI

Have above StringToSign for POST/PUT & GET without a content & content-type.

Is this achievable with the current HMAC policy available?


Hi Raghu,

Not sure about the OOB HMAC policy (haven't seen it in version 4.50 at least), but we use a Java callout and it works fine.

Thanks.
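
A reference signer and verifier for the StringToSign layout given in the question, as an added example that is not from the original thread and is not Apigee policy or callout code. Assumptions not stated in the thread: Content-SHA256 is the Base64 SHA-256 of the body, a GET keeps empty Content-SHA256 and Content-Type fields with their "\n" separators, Timestamp is Unix epoch seconds, and a 300-second skew window applies.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the thread does not give one


def string_to_sign(verb, body, content_type, timestamp, request_uri):
    """HTTP-Verb \\n Content-SHA256 \\n Content-Type \\n Timestamp \\n RequestURI."""
    # Assumption: a request with no body (GET) signs empty strings for the
    # content hash and content type, so every verb uses the same five fields.
    content_sha256 = ""
    if body:
        content_sha256 = base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")
    fields = [verb.upper(), content_sha256, content_type or "", str(timestamp), request_uri]
    return "\n".join(fields)


def sign(secret, verb, body, content_type, timestamp, request_uri):
    """Base64(HMAC-SHA-256(SharedSecretKey, StringToSign)) as in the question."""
    message = string_to_sign(verb, body, content_type, timestamp, request_uri)
    mac = hmac.new(secret, message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def verify(secret, signature, verb, body, content_type, timestamp, request_uri, now=None):
    """Return True only for a fresh timestamp and a matching signature."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request: reject as a possible replay
    expected = sign(secret, verb, body, content_type, timestamp, request_uri)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected.encode("utf-8"), str(signature).encode("utf-8"))


# Constructed sample values, for illustration only.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_URI = "/v1/accounts/42?view=full"
DEMO_BODY = b'{"amount": 10}'
DEMO_TS = "1700000000"
```

The verifier must rebuild the string from the request as received (raw body bytes, the exact URI including the query string), otherwise a proxy that normalises either one will cause valid signatures to fail.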