HTTP requests made to the server need to be authenticated. To do so you need an access_key to identify you as the requester and a secret_key to sign the request. You can find these keys on your Profile.
Any HTTP request (POST or GET) must contain your access_key, a timestamp parameter with the time of the request (ISO 8601 format) and the HMAC signature of the message's content. This signature allows us to authenticate your HTTP request and verify the data integrity of your message.
To sign your HTTP request you need to produce an HMAC signature of its contents. You can find an example of how to do this using JavaScript in our Node.js CLI.
The hmac_signature_data is constructed by concatenating the following information separated by semicolons:
- the request method
- the API hostname (api4.jscrambler.com)
- the resource path (/application or /application/download/<PROTECTION_ID>)
- the URL query string (url_query_string), which includes the access_key and the timestamp
<REQUEST_METHOD>;<API_HOSTNAME>;<RESOURCE_PATH>;<URL_QUERY_STRING>
The following is an example of the hmac_signature_data:
GET;api4.jscrambler.com;/application;access_key=YOUR_UPPERCASE_ACCESS_KEY&timestamp=DATE
Additional parameters like the query and the variables can be sent in the request (other than the access_key and the timestamp). Including these parameters inside the url_query_string must take the following into consideration:
- ':' should look like '%3A' and not like '%3a'
- '%7E' should be replaced by '~', '+' by '%20' and '*' by '%2A' if that did not happen
- access_key and secret_key must be uppercase
- secret_key is used to produce the signature but it should never be included as a parameter of the HTTP request (or someone else might be able to make requests on your behalf)
Finally, take the HMAC digest, encode it with MIME Base64 and add it as a parameter of the HTTP request (you can find an example of how to make a request in the GraphQL Request Example).
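The signing steps above, put together as an added Node.js example (not code from the original page or from the Jscrambler CLI). It assumes HMAC-SHA256 and alphabetically sorted parameter keys, neither of which this page states; the function names, the receiver-side verifyRequest and the sample keys are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// encodeURIComponent emits uppercase hex ('%3A', not '%3a'), keeps '~' and
// never emits '+', so of the page's substitutions only '*' changes here.
function encodeComponent(value) {
  return encodeURIComponent(String(value))
    .replace(/%7E/g, '~').replace(/\+/g, '%20').replace(/\*/g, '%2A');
}

// <REQUEST_METHOD>;<API_HOSTNAME>;<RESOURCE_PATH>;<URL_QUERY_STRING>
function buildSignatureData(method, host, path, params) {
  if ('secret_key' in params) {
    throw new Error('secret_key must never be sent as a request parameter');
  }
  const query = Object.keys(params)
    .sort() // assumption: fixed key order so signer and verifier agree
    .map((k) => `${encodeComponent(k)}=${encodeComponent(params[k])}`)
    .join('&');
  return [method.toUpperCase(), host, path, query].join(';');
}

// Assumption: HMAC-SHA256; the page does not name the hash function.
function hmacBase64(secretKey, data) {
  return crypto.createHmac('sha256', secretKey.toUpperCase())
    .update(data).digest('base64');
}

function signRequest(method, host, path, extra, accessKey, secretKey, timestamp) {
  const params = { ...extra, access_key: accessKey.toUpperCase(), timestamp };
  const data = buildSignatureData(method, host, path, params);
  return { params, data, signature: hmacBase64(secretKey, data) };
}

// Receiver side (hypothetical): recompute and compare in constant time.
function verifyRequest(method, host, path, params, signature, secretKey) {
  const data = buildSignatureData(method, host, path, params);
  const expected = Buffer.from(hmacBase64(secretKey, data));
  const given = Buffer.from(String(signature));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values, not real credentials.
const demo = signRequest('GET', 'api4.jscrambler.com', '/application',
  {}, 'abc123', 'def456', '2024-01-01T00:00:00.000Z');
console.log(demo.data);
console.log(demo.signature);
```

Changing any signed parameter after signing, such as the timestamp, makes verifyRequest return false, which is the integrity check the signature provides.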