iAsig API Docs

Authentication

Generating the HMAC Signature

All requests to the API must include an X-Hmac-Signature header containing your Partner ID and an HMAC signature of the request body, in the form partnerId:signature. The signature is generated with the HMAC-SHA512 algorithm, using the partner's secret API key as the HMAC key, and is hex-encoded.

The API uses the X-Hmac-Signature header to verify that the request has not been tampered with and is from an authorized partner. Requests missing the HMAC signature or with an invalid signature will be rejected.

Examples

To generate the signature in code:

JS Example
const crypto = require('crypto');

const body = {...}; // JSON attributes in doc order
const secret = '...';
const partnerId = '...';

const hmac = crypto.createHmac('sha512', secret);
hmac.update(JSON.stringify(body));

const signature = hmac.digest('hex');

request.headers['X-Hmac-Signature'] = `${partnerId}:${signature}`;
PHP Example
$body = ['...']; // JSON attributes in doc order
$secret = '...';
$partnerId = '...';

$hmac = hash_hmac('sha512', json_encode($body), $secret);

$headers['X-Hmac-Signature'] = $partnerId . ':' . $hmac;
Python Example
import hashlib
import hmac
import json

body = {...} # JSON attributes in doc order
secret = '...'
partner_id = '...'

# HMAC-SHA512 keyed with the partner's secret API key
mac = hmac.new(secret.encode('utf-8'), json.dumps(body).encode('utf-8'), hashlib.sha512)

signature = mac.hexdigest()

headers = {'X-Hmac-Signature': partner_id + ':' + signature}

Postman Pre-request Script

JS Example
const message = JSON.stringify(JSON.parse(pm.request.body.raw));
const secret = "...";
const partnerId = "...";
const hashHmacSHA512 = CryptoJS.HmacSHA512(message, secret).toString();

pm.request.headers.add(`x-hmac-signature:${partnerId}:${hashHmacSHA512}`);
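
Added example (not iAsig code): a Node.js sketch of signing a request and of the kind of check a receiver can run on the X-Hmac-Signature header, showing why the attribute order and the exact serialized body matter. The verifier, the partner ID, the secret and the body fields are constructed for illustration, and the verifier assumes the signature is checked against the raw body as received.

```javascript
const crypto = require('crypto');

// Constructed sample credentials; not real iAsig values.
const PARTNER_SECRETS = { 'partner-123': 'constructed-demo-secret' };

// Client side: serialize once, sign that exact string, and send that same string.
function signRequest(partnerId, secret, body) {
  const rawBody = JSON.stringify(body);
  const signature = crypto.createHmac('sha512', secret).update(rawBody).digest('hex');
  return { rawBody, header: `${partnerId}:${signature}` };
}

// Receiving side (hypothetical check): recompute the HMAC over the raw body received.
function verifyRequest(headerValue, rawBody) {
  const value = String(headerValue || '');
  const sep = value.indexOf(':');
  if (sep < 1) return false; // header missing or no partner ID
  const partnerId = value.slice(0, sep);
  const presented = value.slice(sep + 1);
  if (!Object.prototype.hasOwnProperty.call(PARTNER_SECRETS, partnerId)) return false;
  // SHA-512 output is 64 bytes = 128 hex characters; reject anything else before decoding.
  if (!/^[0-9a-f]{128}$/i.test(presented)) return false;
  const expected = crypto.createHmac('sha512', PARTNER_SECRETS[partnerId])
    .update(rawBody).digest();
  // Constant-time comparison avoids leaking how many leading bytes matched.
  return crypto.timingSafeEqual(expected, Buffer.from(presented, 'hex'));
}

function demo() {
  const body = { policyId: 42, amount: '100.00' }; // constructed sample body
  const { rawBody, header } = signRequest('partner-123', PARTNER_SECRETS['partner-123'], body);
  return {
    valid: verifyRequest(header, rawBody),
    tampered: verifyRequest(header, rawBody.replace('100.00', '900.00')),
    // Same data, different attribute order or whitespace: different bytes, different HMAC.
    reordered: verifyRequest(header, JSON.stringify({ amount: '100.00', policyId: 42 })),
    pretty: verifyRequest(header, JSON.stringify(body, null, 2)),
    unsigned: verifyRequest(undefined, rawBody),
  };
}

console.log(demo());
```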

iAsig © 2024