The Signature is the RFC 2104 HMAC-SHA1, of selected elements from the request, and so the Signature part of the Authorization header will vary from request to request.

Here is a piece of pseudo-code that demonstrates the Authorization header construction. \n means the Unicode code point U+000A, commonly called a newline:

StringToSign = HTTP-Verb + “\n” +
   Content-MD5 + “\n” +
   Content-Type + “\n” +
   Date + “\n” +

Signature = Base64( HMAC-SHA1( Api.secret, UTF-8-Encoding-Of( StringToSign ) ) );

Authorization = "HMAC " + Api.key + “:” + Signature;

So this should look like the Authorization header below:

curl -X POST \ \
  -H 'Authorization: HMAC DjlHuWlApznJ7vrhPBL0fA:N2eEvkJQ07EpFau90pL5xMpBO3g=' \
  -H 'Content-Type: application/json' \
  -H 'Date: Tue, 25 Sep 2018 17:41:40 GMT' \
  -d '{"price_amount":"100","price_currency":"EUR","pay_currency":"BTC"}'  

Make sure that the date used for signature is the same you put in the Date header

Last updated