HMAC signing in the API — technical guide

For security, each request must include:

  • X-Api-Key
  • X-Timestamp (max ±5 minutes)
  • X-Signature

Signature formula:

payload = timestamp + "\n" + METHOD + "\n" + path + "\n" + body
signature = HMAC-SHA256(api_secret, payload)

More details in API documentation.

← Back to blog