The X-Gw-Signature request header contains a SHA256 HMAC signature of the X-Gw-Timestamp, request method, endpoint and payload as JSON headers, using your secret key, encoded as hex. If you are sending a GET or DELETE request, the payload will be empty.
For Javascript: Using CryptoJS
require 'date'
api_secret = 'YOUR_SECRET_KEY'
timestamp = DateTime.now.strftime('%Q')
method = 'POST'
endpoint = '/api/v1/contractors'
payload = {
contractor: {
email: '[email protected]',
first_name: 'Karen',
last_name: 'Example'
}
}.to_json
data = [timestamp, method, endpoint, payload].join
signature = OpenSSL::HMAC.hexdigest("SHA256", api_secret, data)
request['X-Gw-Signature'] = signature
var CryptoJS = require("crypto-js");
var timestamp = (new Date).getTime().toString();
var method = 'POST';
var endpoint = '/api/v1/contractors';
var payload = JSON.stringify({
"contractor": {
"first_name": 'Karen',
"last_name": 'Example',
"email": '[email protected]',
}
});
var data = [ timestamp, method, endpoint, payload ].join('');
var bytes = CryptoJS.HmacSHA256(data, api_secret);
var signature = bytes.toString(CryptoJS.enc.Hex);