API key authentication
Send your developer API key on every authenticated request using either header:Optional HMAC signing
For server-to-server integrations, you may sign requests with your API secret:| Header | Description |
|---|---|
x-signature | HMAC-SHA256(secretKey, timestamp + METHOD + path + body) |
x-timestamp | Epoch milliseconds; rejected if drift exceeds 5 minutes |
x-signature is omitted, HMAC verification is skipped.
Detailed signing examples per language will be added in a follow-up update.