The process for generation of the API Key is as follows:
To create a new key, Navigate to the Key Management . Click Create API Key, and you will be redirected to the Create an API Key window.
Provide a name for your API key and choose the necessary permissions. Additionally, select the option to Bind the IP Address to the API Key, if needed.
Note(i): Enabling the "Bind IP address to API Key" option enhances security by ensuring that the API key is only valid for requests originating from a specific IP address. This minimizes the risk of unauthorized access, as the key cannot be used from any other IP address
You can bind the API key to multiple IP addresses by entering them as a comma-separated list.
Click on Save. A One Time Password (OTP) will be shared on your registered Email ID and Mobile number.
Enter the received OTP in the respective boxes. An API Key will be generated.
Store the API Key and Secret on the following screens properly
To authenticate API requests, clients must generate an HMAC-SHA256 signature using their API secret and send it in the request header. The API key must also be included in the request headers.
X-AUTH-APIKEY: Your API key.
X-AUTH-SIGNATURE: HMAC-SHA256 signature of the payload using your API secret.
The generated signature is a hexadecimal (hex) encoded string. This means that after computing the HMAC-SHA256 hash of the payload using the API secret, the output is converted into a lowercase hexadecimal string representation.
1. Determine the payload:
For GET and DELETE requests: Use the query parameters as the payload.
For POST and PUT requests: Use the request body as the payload.
2. Generate the HMAC-SHA256 signature by hashing the payload with the API secret.
3. Convert the computed hash to a hex string.