Headers
This document describes each of the headers that are part of the Kompliant Web API and Kompliant Signature Version 1 (authentication) protocol. Three headers are always required:
AuthorizationX-API-KeyX-API-Auth-Token
Other headers may be required if additional data elements are signed.
Authorization
The Authorization header is where the signature is provided. The signature is the Base64 encoding of the output of HMAC-SHA256 function using the Secret Key to sign the string to sign. The Signing Process section of the Authentication document describes the process for calculating the signature.
The format is
Authorization: KSig1-HMAC-SHA256 <signature>
where <signature> is the Base64 string.
This header is always required.
X-API-Auth-Token
The X-API-Auth-Token header is the Auth Token that was issued as part of the credentials.
The format is
X-API-Auth-Token: <auth-token>
where <auth-token> is the Auth Token.
This header is always required.
X-API-Content-Hash
The X-API-Content-Hash header is the Content-MD5 data element that was included in the string to sign.
The format is
X-API-Content-Hash: <content-md5>
where <content-md5> is the Content-MD5 data element.
This header is required if the Content-MD5 data element is included in the string to sign. The value of the header and the value of the data element must be equal.
X-API-Key
The X-API-Key header is the API Key that was issued as part of the credentials.
The format is
X-API-Key: <api-key>
where <api-key> is the API key.
This header is always required.
X-API-Nonce
The X-API-Nonce header is the Nonce data element that was included in the string to sign.
The format is
X-API-Nonce: <nonce>
where is the Nonce data element.
This header is required if the Nonce data element is included in the string to sign. The value of the header and the value of the data element must be equal.
X-API-Signed-Elements
The X-API-Signed-Elements header includes a case-sensitive, semicolon-separated list of the names of data elements included in the string to sign. It must not contain spaces, such as between elements.
The names correspond directly to names as listed in the Data Elements document. If a name is included, it must be presented in the order as seen here:
API-Key
HTTP-Verb
URL-Path
Timestamp
API-Version
Content-Type
Content-MD5
Nonce
The format is
X-API-Signed-Elements: <data-element-x>;<data-element-x>
where <data-element-x> is the name of the data element included in the string to sign.
For example, if you included the API-Key, URL-Path, and Content-MD5 data elements, then the header would look like this:
X-API-Signed-Elements: API-Key;URL-Path;Content-MD5
If only the API-Key is signed, this header is optional.
If any other data elements are included (beyond API-Key), this header is required.
X-API-Timestamp
The X-API-Timestamp header is the Timestamp data element that is included in the string to sign.
The format is
X-API-Timestamp: <timestamp>
where <timestamp> is the Timestamp data element.
This header is required if the Timestamp data element is included in the string to sign. The value of the header and the value of the data element must be equal.
X-API-Version
The X-API-Version header indicates to the server what version of the API you are using.
The format is
X-API-Version: <version>
where <version> is the API version request.
This header is required if the API-Version data element is included in the string to sign. The value of the header and the value of the data element must be equal.
Updated about 1 year ago