Overview

To authenticate B2B API requests, your should generate an HMAC signature and sends it with each B2B API request.

You will need three headers:

The signature is computed from:

  1. A payload string derived from request body and URL parameters
  2. A timestamp bucket (time window) used to prevent replay

What to sign

Signature payload format

<payload_string>|<signature_timestamp>

Where:


How to build payload_string

  1. Start with an empty object payloadObj.
  2. If there is a request body, shallow-merge it into payloadObj.