Request Signature

Thanx will validate this signature. This is an extra security feature that provides a guarantee that a request was not tampered with on its way from client to server.

  1. Assemble the components of the string that will be signed:

    • Client ID
    • Request method (GET, POST, PATCH, PUT, DELETE)
    • Content Type (same as the header value or empty string if no body)
    • The request body (empty string if no body)
    • The request path
  2. Base64 encode the body after creating a digest using SHA-256.

  3. Join these strings together, with a comma separator.

  4. Create a digest using HMAC & SHA-256.

  5. Base64 encode the digest.

  6. This value is your signature header.

See examples to the right.

stringToSign = string.Join(

signature = Base64(HMAC-SHA256(ClientSecret, UTF8(stringToSign)))