API Key Authorization

overview to ensure the integrity of server requests, every request must be signed the signature serves as a unique representation of the request and is included in the authorization header signature details the signature is generated using a specific algorithm applied to the request parameters the resulting value is a canonicalized signing string, ensuring the request's authenticity required headers each client request must include the following headers date current time given as a date string in rfc7231 format note that this value is always in the gmt timezone example date tue, 07 jun 2014 20 51 35 gmt authorization this header contains information on how the request is authorized algorithm defines the signature hashing algorithm, by default hmac sha256 headers defines the headers used to derive the signature, set this to date apikey the api key used for the request signature the base64 encoded value of the signing string see the specification is on the request signature docid\ km0ibipci1fqucltts9sj page example authorization header algorithm="hmac sha256", headers="date", signature=" base64 here ", apikey=" company api key here " ensure that the date header value is set to current time the server allows timestamps that are up to 15 minutes old errors all returned errors have an http status code of 400 or higher, and a response body as follows { status number, code string, message string } json schema { "$schema" "https //json schema org/draft/2020 12/schema", "type" "object", "properties" { "status" { "type" "number" }, "code" { "type" "string" }, "message" { "type" "string" } }, "required" \[ "status", "code", "message" ], "additionalproperties" false } the following is list of errors related to authorization are common for all license api endpoints date header diff (400) authorization invalid headers (400) hmac required (400) signature mismatch (400) authorization missing params (400) invalid api key (400) revoked api key (400) read only api key (400)