> For the complete documentation index, see [llms.txt](https://docs.licensespring.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.licensespring.com/license-api/license-api-authorization/api-key-authorization.md).
# API Key Authorization
### Overview
To ensure the integrity of server requests, every request must be **signed**. The **signature** serves as a unique representation of the request and is included in the **Authorization** header.
#### Signature Details
The signature is generated using a specific algorithm applied to the request parameters. The resulting value is a canonicalized signing string, ensuring the request's authenticity.
#### Required Headers
Each client request must include the following headers:
**Date**
Current time given as a date string in [**RFC7231**](https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.1.1) format. Note that this value is always in the GMT timezone.
Example:
```none
Date: Tue, 07 Jun 2014 20:51:35 GMT
```
**Authorization**
This header contains information on how the request is authorized:
* **algorithm**: Defines the signature hashing algorithm, by default `hmac-sha256`
* **headers**: Defines the headers used to derive the signature, set this to `date`
* **apikey**: The API key used for the request
* **signature**: The Base64-encoded value of the signing string. See [**Request Signature**](/license-api/license-api-authorization/request-signature.md).
Example Authorization header:
```none
algorithm="hmac-sha256", headers="date", signature="_base64_here_", apikey="_company_api_key_here_"
```
{% hint style="warning" %}
Ensure that the Date header value is set to current time. The server allows timestamps that are up to 15 minutes old.
{% endhint %}
### Errors
All returned errors have an HTTP status code of 400 or higher, and a response body as follows:
```typescript
{
status: number,
code: string,
message: string
}
```
JSON Schema
```json
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"properties": {
"status": { "type": "number" },
"code": { "type": "string" },
"message": { "type": "string" }
},
"required": [
"status",
"code",
"message"
],
"additionalProperties": false
}
```
The following list of errors related to Authorization are common for all License API endpoints:
date_header_diff (400)
authorization_invalid_headers (400)
hmac_required (400)
signature_mismatch (400)
authorization_missing_params (400)
invalid_api_key (400)
revoked_api_key (400)
read_only_api_key (400)
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.licensespring.com/license-api/license-api-authorization/api-key-authorization.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.