JSON API
Authentication
7 min
all calls to the indexing api are authenticated by signing the request using hmac with sha384 as the hash function your rest api key is used to calculate the signature the signature must be calculated as described on this page how to calculate the signature to calculate a signature for your request implement the following algorithm in your application algorithm determine the following information about your request http method used, e g " put " url path, e g " /v2/batch " query string, e g " test=1 " secured headers, in order x klevu timestamp, e g " 2023 06 19t00 00 00 000z " ⚠️ the timestamp validation window is set to 20 minutes timestamp values provided by the merchant will be considered valid if they fall within a range of 10 minutes in the past and 10 minutes in the future x klevu apikey, e g "klevu 1234567890" x klevu auth algo, e g " hmacsha384 " this must match exactly including case content type, e g " application/json " request body, e g " {} " this must be the exact request body that will be sent to the api construct a string containing for example, using the data from above in the previous example, note the case of the header keys as well as the data the x klevu header keys are expected in upper case and "content type" must match as well calculate the binary signature bytes using the hmac algorithm with sha384 as the hash function use your rest api key as the secret next base64 encode the byte to get your signature set the authorization header on your request to "bearer \<signature>" substitute the content of the signature variable in place of "\<signature>" for this example, the full request would be sample postman collection for hmac generation in batch requests included below is a sample postman collection demonstrating the process of generating hmac signatures for batch requests of records the above file comprises a sample batch request upon importing the collection, you'll find a pre request script that dynamically generates a signature tailored to the submitted request within this batch request, a sample category record is included this file lists the environment variables necessary for signature generation upon import, we recommend updating the values for the following variables apikey and restauthkey with your respective js api key and rest api key for guidance on obtaining api keys, please refer to this article