Signing example

Suppose you have the following key and secret:

{
  "apiKey": "test_api_key",
  "appSecret": "test_api_secret"
}

and you want to send the following parameters:

{
  "foo": "bar",
  "egg": "spam"
}

  1. adding additional parameters, and we get:

{
  "foo": "bar",
  "egg": "spam",
  "timestamp": 1514736000000,
  "apiKey": "test_api_key"
}

  1. sort the parameters by their names, and we get:

['apiKey', 'egg', 'foo', 'timestamp']

  1. for each parameter, concatenate its key and value as a string, and we get:

['apiKeytest_api_key', 'eggspam', 'foobar', 'timestamp1514736000000']

  1. concatenate all such strings for all parameters, and we get:

apiKeytest_api_keyeggspamfoobartimestamp1514736000000

  1. append the resulting string with the app secret, and we get:

apiKeytest_api_keyeggspamfoobartimestamp1514736000000test_api_secret

  1. the sha256 hash of the resulting string in hexadecimal form should be used as the signature, so we get:

bf67314ff91f39952a267fb4bf3f9ed2b53f813cdcfba610f9d8643038a17326

  1. add signature back to request parameters, so we get

{
  "foo": "bar",
  "egg": "spam",
  "timestamp": 1514736000000,
  "apiKey": "test_api_key",
  "signature": "bf67314ff91f39952a267fb4bf3f9ed2b53f813cdcfba610f9d8643038a17326"
}

That’s what you need to send to the backend.