Request Signature

6min
Overview
Requests sent to the server have to be digitally signed for purposes of authentication. The signature uses the Date header and signing algorithm used in License API Authorization﻿.
Signature Structure
The signature in the Authorization header is a Base64-encoded HMAC-hashed value of the signing string, which is composed of:
A constant string: licenseSpring
A newline character \n
The value of the Date header being sent in the request (see License API Authorization﻿ for more details). This is a date string in RFC7231 format
This signing string is then hashed with the customer's key (shared key) using the algorithm provided in the Authorization header (e.g. HMAC-SHA256). The resulting hash is then encoded in Base64.
Example of Signature Generation
The following is an example of how to generate a signature. First, let's assume the following values:
Your company's shared key is kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja
The Date header you set in the request is Tue, 07 Jun 2011 20:51:35 GMT
We'll use the default hashing algorithm, HMAC-SHA256
Now we can generate the signature:
1. Create the signing string:
Text
licenseSpring
date: Tue, 07 Jun 2011 20:51:35 GMT
licenseSpring
date: Tue, 07 Jun 2011 20:51:35 GMT
﻿
2. Hash the signing string using HMAC-SHA256
3. Encode the hashed value with Base64: UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=
The resulting string is then inserted into the Authorization header as the "signature" parameter:
Text
algorithm="hmac-sha256", headers="date", signature="UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=", apikey="_company_api_key_here_"
algorithm="hmac-sha256", headers="date", signature="UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=", apikey="_company_api_key_here_"
﻿
Sample Code
Generating a signature
JS
Python
const crypto = require('node:crypto'),
    shared_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
    signing_string = 'licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT';

let signature = crypto.createHmac('sha256', shared_key).update(signing_string).digest('base64');

console.log(signature);
// UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=
const crypto = require('node:crypto'),
    shared_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
    signing_string = 'licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT';

let signature = crypto.createHmac('sha256', shared_key).update(signing_string).digest('base64');

console.log(signature);
// UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=
﻿
Generating full HTTP request headers with SDK Demo keys
JS
Python
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generating headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

headers = {
  'Date': date_header,
  'Authorization': auth_header
}
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generating headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

headers = {
  'Date': date_header,
  'Authorization': auth_header
}
﻿
Full sample code for checking a license key with SDK Demo keys
JS
Python
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

import requests

API_URL = 'https://api.licensespring.com'

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generate headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

# Send request
product_short_code = '_your_product_short_code_goes_here_'
hardware_id = '_your_hardware_id_goes_here_'
license_key = '_your_license_key_goes_here_'

response = requests.get(
    url='{}{}'.format(API_URL, '/api/v4/check_license/'),
    params={'product': product_short_code, 'hardware_id': hardware_id, 'license_key': license_key},
    headers={
        'Date': date_header,
        'Authorization': auth_header,
        'Content-Type': 'application/json'
    }
)

print(response.json())
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

import requests

API_URL = 'https://api.licensespring.com'

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generate headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

# Send request
product_short_code = '_your_product_short_code_goes_here_'
hardware_id = '_your_hardware_id_goes_here_'
license_key = '_your_license_key_goes_here_'

response = requests.get(
    url='{}{}'.format(API_URL, '/api/v4/check_license/'),
    params={'product': product_short_code, 'hardware_id': hardware_id, 'license_key': license_key},
    headers={
        'Date': date_header,
        'Authorization': auth_header,
        'Content-Type': 'application/json'
    }
)

print(response.json())
﻿
﻿
Updated 16 Jan 2025
Did this page help you?
License API Authorization
Response Signature