Authentication Summary

Every authenticated request will contain these headers:

request['X-Gw-Api-Key']   = api_key
request['X-Gw-Timestamp'] = timestamp
request['X-Gw-Signature'] = signature
var headers = {
  "Content-Type": "application/json",
  "Accept": "application/json",
  "X-Gw-Api-Key": api_key,
  "X-Gw-Timestamp": timestamp,
  "X-Gw-Signature": signature

The API will respond with an authentication error if:

  • The API key is missing, invalid, revoked, or not associated with the secret key used to generate the signature
  • The timestamp header is missing, invalid, or not within 60 seconds of the server's clock
  • The signature header is anything but the correct signature for the supplied timestamp, request method, endpoint and payload using the secret key associated with the provided API key