All requests are authenticated using an API-Key authentication method.
For all GET and DELETE requests the api key and signature should be passed through the query string. For POST, PUT and PATCH requests “Authorize” or “Authorization” is passed through the header parameters, which is consisted of a public-key and a signature. The signature is generated from user’s private key using bellow algorithm.
Every HTTP_METHOD will have different signature because the HMAC hash string used to generate the signature is the HTTP method type (GET, POST and etc).

GET and DELETE Requests

Authentication for GET and DELETE requests

?apikey={PUBLIC_KEY}&signature={SIGNATURE}

POST, PUT and PATCH Requests

Request Header Parameters to authenticate POST, PUT and PATCH requests

Authorization: API {PUBLIC_KEY}:{SIGNATURE} 

Where the signature is generated from a hash of user’s Private Key (see bellow for details on how to create the signatures)

How to create the Signature

PHP example – HMAC hash to generate signature

hash_hmac("sha256", HTTP_METHOD, hash('sha256', $myPrivateKey));

Python Example – HMAC hash to generate signature

private_key = hashlib.sha256({private_key}).hexdigest()
signature = hmac.new(private_key, HTTP_METHOD, hashlib.sha256).hexdigest()

In generating signatures do not use “HTTP_METHOD” string to generate HMAC hash. Depending on your request type, the appropriate HTTP_METHOD such as “GET”, “POST” and etc., should be used as the HMAC hash string to generate proper signature.

{html}
Authorize: API {PUBLIC_KEY}:{SIGNATURE}

{html}
Authorization: API {PUBLIC_KEY}:{SIGNATURE}