Signature
The Signature is the RFC 2104 HMAC-SHA1, of selected elements from the request, and so the Signature part of the Authorization
header will vary from request to request.
Component
Description
HTTP method
GET
, POST
, PUT
, PATCH
MD5 hash sum of the string with JSON-serialized parameters
If there are no parameters in the request body (e.g. GET
), you then need to place just an empty string ""
as there is nothing to hash. Do not hash an empty string.
Content-Type
application/json
Date
Request URI
Everything that is after the base URL e.g. /api/invoices
Here is a piece of pseudo-code that demonstrates the Authorization
header construction. \n
means the Unicode code point U+000A
, commonly called a newline:
So this should look like the Authorization header below:
Make sure that the date used for signature is the same you put in the Date header
Last updated