HTTP requests made to the server need to be authenticated. To do so you need an
access_key to identify you as the requester and a
secret_key to sign the request. You can find these keys on your Profile.
Any HTTP request (POST or GET) must contain your
timestamp parameter with the time of the request (ISO 8601 format) and the HMAC signature of the message's content. This signature allows us to authenticate your HTTP request and verify the data integrity of your message.
hmac_signature_data is constructed by concatenating the following information separated by semicolons:
url_query_string) which includes the
The following is an example of the
Additional parameters like the query and the variables can be sent in the request (other than the
access_key and the
timestamp). Including these parameters inside the
url_query_string must take the following into consideration:
':'should look like
'%3A'and not like
'%2A'if that did not happen
secret_keymust be uppercase
secret_keyis used to produce the signature but it should never be included as a parameter of the HTTP request (or someone else might be able to do requests on your behalf)
Finally take the HMAC digest and encode it with MIME Base64 and add it as parameter of the HTTP request (you can find an example on how to make a request here).