User either api key or client name/private key (Pure) to authenticate. For the latter, the HMAC headers are automatically generated for you. Instructions on how to do so manually are below.
A valid request should contain the following headers:
Accept: application/json
Content-Type: application/json
hmac-auth-date: <current timestamp in UTC format>
hmac-auth-signature: <public key>
The public key is generated as follows:
Calculate a SHA256 hash on the HTTP body text (if present).
Encode the resulting string in Hex
Create the following string concatenated by newlines: <HTTP method (e.g. GET)>\n<current timestamp in UTC format>\n<request URL>\n<encoded HTTP body text>
Calculate a HmacSHA256 hash on the resulting string.
Encode the resulting string in Base64
Prepend the string with <user name>: to create the final public key