Upon receipt of the request the API will:

  1. Generate the Request Signature. The API generates a Request Signature by hashing the HTTPVerb + ResourcePath + ApplicationKey using the Shared Secret as the HMAC key, storing the query parameters in the Query String in alphabetical order.
  2. Decode the Authorization Header. The Authorization Header is decoded using Base 64 and is compared to the Request Signature. When successfully matched the request is serviced; when unsuccessful an HTTP 401 Unauthorized code is returned.