Skip to main content

Signature

The ACCESS-SIGN header is generated as follows:

Produce the SecretKey.
Create a prehash string of http method + requestPath
Sign the prehash string with the SecretKey using the HMAC SHA256.
Encode the signature in the Base64 format.
The request method must be in UPPERCASE: e.g. GET and POST.

Example

Java
String signData = "GET" + "/api/v1/global/data/iVSummary";
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(apiSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
sha256HMAC.init(secretKey);
String signature = Base64.getEncoder().encodeToString(sha256HMAC.doFinal(signData.getBytes(StandardCharsets.UTF_8)));

Python
message = bytes('GET' + '/api/v1/global/data/iVSummary', 'utf-8')
secret = bytes(apiSecret, 'utf-8')
signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())

JavaScript
signature=CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256('GET' + '/api/v1/global/data/iVSummary', apiSecret))

Notice

The SecretKey is generated when you create an APIKey.

Example