search

API Key Authorization

hashtag
Overview

To ensure the integrity of server requests, every request must be signed. The signature serves as a unique representation of the request and is included in the Authorization header.

hashtag
Signature Details

The signature is generated using a specific algorithm applied to the request parameters. The resulting value is a canonicalized signing string, ensuring the request's authenticity.

hashtag
Required Headers

Each client request must include the following headers:

Date

Current time given as a date string in RFC7231arrow-up-right format. Note that this value is always in the GMT timezone.

Example:

Date: Tue, 07 Jun 2014 20:51:35 GMT

Authorization

This header contains information on how the request is authorized:

  • algorithm: Defines the signature hashing algorithm, by default hmac-sha256

  • headers: Defines the headers used to derive the signature, set this to date

  • apikey: The API key used for the request

  • signature: The Base64-encoded value of the signing string. See Request Signature.

Example Authorization header:

circle-exclamation

Ensure that the Date header value is set to current time. The server allows timestamps that are up to 15 minutes old.

hashtag
Errors

All returned errors have an HTTP status code of 400 or higher, and a response body as follows:

JSON Schema

The following list of errors related to Authorization are common for all License API endpoints:

chevron-rightdate_header_diff (400)hashtag

chevron-rightauthorization_invalid_headers (400)hashtag

chevron-righthmac_required (400)hashtag

chevron-rightsignature_mismatch (400)hashtag

chevron-rightauthorization_missing_params (400)hashtag

chevron-rightinvalid_api_key (400)hashtag

chevron-rightrevoked_api_key (400)hashtag

chevron-rightread_only_api_key (400)hashtag

PreviousLicense API AuthorizationNextOAuth Authorization

Last updated

Was this helpful?