Note: The Signature is the same for all API Methods apart from the Authenticate Method: Authenticate uses the API Key as its hash input whereas all other methods use the AuthenticationToken returned from the Signature method in place of the API Key.
For the Authenticate Method
Before you can authenticate with the API to gain an AuthenticationToken (as described in Authenticate Method), you need to create a Signature and for this you must send the APIKey, the Timestamp and the Shared Secret. You generate the Signature as follows:
- Join the
APIKey (generated as described in API - API Keys), to the DateTime that you're sending with the request with a full stop between them, for example:
sbBgu2lEG06LQbP94clrHSDPPHCZPthY.2018-10-16 14:27:31
- SHA-1 hash this string – make sure the result of the hash is in lower case.
- Append the Shared Secret (as described in API - API Keys), to this hashed string, again separating them with a full stop.
- SHA-1 hash the whole string again – again, make sure the result of the hash is in lower case. You then have the
Signature to use with the Authenticate method, as described in Authenticate Method.
For all other Methods
Whereas Authenticate uses the API Key as its hash input, all other methods use the AuthenticationToken returned from the Signature method in place of the API Key. For details about the AuthenticationToken, see Authenticate Method.
