Authentication and Authorization¶

When you sign up for an API key, we will generate a public and private key for you, and an initial cryptographic SALT.

When you send a request to our API, you need to

1. Generate a Unix timestamp of the current time.
2. Build a string consisting of the timestamp, your public API key, and your SALT concatenated together in that order, with no delimiters.
3. Encrypt the string using HMAC-SHA256, with your private API key as the encryption key.
4. Add your public key, encrypted hash and timestamp to your request in the Authorization header in the format below.

Authorization: KeyAuth publicKey=abc123 hash=A5748BE83DF8674D ts=1345781243