Documentation
kompliant.com

Quick Start Guide

Suggest Edits

This guide uses the minimum requirements to get you up and running quickly. However, it is recommended to include more data elements in the signing process than shown here. Including more will ensure better security. If you want to learn more about the other data elements that can be included in the signing process, see the Data Elements page.

Get your credentials

Follow the instructions on our Requesting API Credentials page to set up your account and obtain access. You will receive an API Key, Secret Key, an Auth Token.

Example

Let’s say your received the following credentials:

API Key:     sb_3eY9UJuj09636NVPlgmhfa  
Secret Key:  xBeain5pFnPyQkl98qzA+BG+Cjzskpqq9fGKDbDoXNP5  
Auth Token:  7F2Av26rUgtzJYgUG9IilG1W6ZMLnt7Dak3Gyht220KLpkBLSJRMOzhBYd

Sign the API Key

Using the HMAC SHA256 algorithm, sign the API Key using the Secret Key. You can use online sites or write a small script or program to perform the signing.

The Secret Key is 33 bytes Base64-encoded following the RFC 4648 specification. The binary value of the Secret Key should be used with the HMAC algorithm.

The API Key should be decoded using UTF-8 as bytes before running through the HMAC algorithm.

Example

Follow one of these methods to sign the API Key:

First, convert the Secret Key from Base64 format to hexadecimal format using https://base64.guru/converter/decode/hex.

Using our Secret Key above, we get the following hexadecimal representation:

c4179a8a7e691673f242497df2acc0f811be0a3cec929aaaf5f18a0db0e85cd3f9

Next, sign the API Key using https://cryptii.com/pipes/hmac.

Put the API Key in the Message box and the hexadecimal from above in the Key box. The hexadecimal format of the signed API key is:

896121e238caf707e34d777fdc6cc898f2cbd6cc1366208fa436e3eb6bc5a364

Finally, convert the hexadecimal value back to Base64 format using https://base64.guru/converter/encode/hex.

The signed value is:

iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q=

# Requires Python 3.6+
import hmac
import hashlib
import base64

# Example credentials from above
API_KEY = "sb_3eY9UJuj09636NVPlgmhfa"
SECRET_KEY = "xBeain5pFnPyQkl98qzA+BG+Cjzskpqq9fGKDbDoXNP5"

# Decode the base64 secret key to bytes
secret_bytes = base64.b64decode(SECRET_KEY)

# Sign the API key
signature = hmac.new(
    secret_bytes,
    API_KEY.encode('utf-8'),
    hashlib.sha256
).digest()

# Encode signature as base64
signed_api_key = base64.b64encode(signature).decode('utf-8')

print(f"Signed API Key: {signed_api_key}")
# Example output:
# Signed API Key: iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q=

// Requires Node.js 10+ (for built-in crypto module)
const crypto = require('crypto');

// Example credentials from the documentation
const API_KEY = "sb_3eY9UJuj09636NVPlgmhfa";
const SECRET_KEY = "xBeain5pFnPyQkl98qzA+BG+Cjzskpqq9fGKDbDoXNP5";

// Decode the base64 secret key to bytes
const secretBytes = Buffer.from(SECRET_KEY, 'base64');

// Sign the API key
const signature = crypto.createHmac('sha256', secretBytes)
                       .update(API_KEY, 'utf8')
                       .digest('base64');

console.log(`Signed API Key: ${signature}`);
// Example output:
// Signed API Key: iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q=

Make the API Request

With the API Key signed using the Secret Key, you can now make a request to a URL. The API Key must be included in the X-API-Key header. The Auth Token must be included in the X-API-Auth-Token header. And the signed value must be included in the Authorization header with the prefix KSig1-HMAC-SHA256. The rest of the headers and request should follow normal standards and protocols.

Example

Make a POST request to check authentication status with your credentials and signature:

curl -X POST \
-H 'Authorization: KSig1-HMAC-SHA256 iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q=' \
-H 'X-API-Key: sb_3eY9UJuj09636NVPlgmhfa' \
-H 'X-API-Auth-Token: 7F2Av26rUgtzJYgUG9IilG1W6ZMLnt7Dak3Gyht220KLpkBLSJRMOzhBYd' \
-H 'Content-Type: application/json' \
'https://api.kompliant.com/meta.checkAuthentication'

# Requires Python 3.6+
import requests

# Use the signed API key from the previous step
SIGNED_API_KEY = "iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q="
API_KEY = "sb_3eY9UJuj09636NVPlgmhfa"
AUTH_TOKEN = "7F2Av26rUgtzJYgUG9IilG1W6ZMLnt7Dak3Gyht220KLpkBLSJRMOzhBYd"

headers = {
    'Authorization': f'KSig1-HMAC-SHA256 {SIGNED_API_KEY}',
    'X-API-Key': API_KEY,
    'X-API-Auth-Token': AUTH_TOKEN,
    'Content-Type': 'application/json'
}

response = requests.post('https://api.kompliant.com/meta.checkAuthentication', headers=headers)
print(response.json())

// Requires Node.js 10+
const https = require('https');

// Use the signed API key from the previous step
const SIGNED_API_KEY = "iWEh4jjK9wfjTXd/3GzImPLL1swTZiCPpDbj62vFo2Q=";
const API_KEY = "sb_3eY9UJuj09636NVPlgmhfa";
const AUTH_TOKEN = "7F2Av26rUgtzJYgUG9IilG1W6ZMLnt7Dak3Gyht220KLpkBLSJRMOzhBYd";

const options = {
    hostname: 'api.kompliant.com',
    path: '/meta.checkAuthentication',
    method: 'POST',
    headers: {
        'Authorization': `KSig1-HMAC-SHA256 ${SIGNED_API_KEY}`,
        'X-API-Key': API_KEY,
        'X-API-Auth-Token': AUTH_TOKEN,
        'Content-Type': 'application/json'
    }
};

const req = https.request(options, (res) => {
    let data = '';
    res.on('data', (chunk) => data += chunk);
    res.on('end', () => console.log(JSON.parse(data)));
});

req.end();

A successful response will look similar to the following (note that the example credentials above will not work - you'll need to use your own credentials to get this response):

{
  "meta": {
    "status": "SUCCESS",
    "trace_id": "trc_6NczMo5xTU9BWTEO6RlPBc",
    "version": "2025-03-24"
  },
  "data": {
    "authenticated": true
  }
}

Updated 7 months ago