Skip to main content

Create Signature

Registration

Registered users of the API will be issued with a key and secret.

End points require authentication by passing the following URL params:

- key - identifies the requesting organisation
- timestamp - UNIX timestamp at time signature is calculated, used to prevent a stolen signature be reused
- signature - calculated as SHA256 hash of a string constructed by concatenating the `key` and `timestamp`; then base64 encoded

Signature Generation

NOTE: the signature hash string should be base64 encoded. This is pretty simple in PHP but the output of the hash function in some languages is not a string!

PHP Sample Code

$signature = base64_encode(
    hash_hmac(
        'sha256',
        $key . $timestamp,
        $secret
    )
);

Python Sample Code

    import requests
    import time
    import hmac
    import hashlib
    import base64

    API_KEY = ""
    API_SECRET = ""

    timestamp = str(int(time.time()))
    message = API_KEY + timestamp

    hash = hmac.new(API_SECRET.encode(), message.encode(), hashlib.sha256)
    signature = base64.b64encode(hash.hexdigest().encode()).decode()

    print("Timestamp:", timestamp)
    print("Hash:", hash.hexdigest())
    print("Signature:", signature)

Typescript Sample Code

// Get current UNIX timestamp (in seconds)
const currentTimestamp = Math.floor(Date.now() / 1000);
pm.environment.set("currentTimestamp", currentTimestamp);

// Get key and secret from environment
const key = '***';
const secret = '****';

// Build the message: key + timestamp
const message = key + currentTimestamp;

// Step 1: Calculate the HMAC-SHA256 and get HEX string
const hashHex = CryptoJS.HmacSHA256(message, secret).toString(CryptoJS.enc.Hex);

// Step 2: Convert HEX string into a WordArray using UTF-8 encoding
const hexAsUtf8 = CryptoJS.enc.Utf8.parse(hashHex);

// Step 3: Encode that WordArray into Base64
const base64Signature = CryptoJS.enc.Base64.stringify(hexAsUtf8);

console.log("Hex:", hashHex);
console.log("Base64 of hex string:", base64Signature);

// Optionally set it in Postman environment
pm.environment.set("signature", base64Signature);


No comments to display

Back to top