To authenticate your requests to the Vippy REST API you need to sign a string and put it in the "Authorization" header together with your request.
The string is simply the UTF-8 encoded value of some of the headers in your request:
To generate the string to sign you just sort the headers alphabetically, remove any spaces and make all characters lowercase. Then you calculate a HMAC-SHA1 hash using the string and your Secret Key as the key. Convert the resulting value to base64 to get your signature to include in your request.
To pass the signature to Vippy, you include it as part of the standard HTTP Authorization header. You include both the signature and your API Key in the header
using the following format:
Authorization: Vippy <Vippy API Key>:<Signature>
Example headers with authentication: