# Generating a Signature

In order to authorize your API requests, the system requires a SHA-256 hash of the payload as a signature. This signature serves as a digital seal, guaranteeing the integrity and origin of the data being transmitted.

These steps can be applied to various programming languages, as the underlying HMAC-SHA256 concept remains the same. However, please note that the specific implementation details might vary based on the programming language used.

## 1. Prepare Input Parameters

Gather the components of the API request that need to be included in the signature:

* `method`: The HTTP method of the API request (e.g., 'GET', 'POST').
* `url`: The URL of the API endpoint.
* `bodyBuffer`: a JSON string payload, which is converted into a Buffer.
* `timestamp`: A timestamp indicating when the request is being made (in miliseconds).
* `secretKey`: A secret key used for HMAC-SHA256 encryption.

## 2. **Decode the Secret Key**

Decode the base64-encoded `secretKey` to obtain the original secret.

## 3. **Create HMAC Instance**

Concatenate the components of the request in this order into a single string.

1. method,&#x20;
2. URL,&#x20;
3. timestamp,&#x20;
4. and the request body.

Create an HMAC instance using the SHA-256 hash algorithm and the secret key. Pass the string into the HMAC instance.

## 4. Generate HMAC Digest

Generate the HMAC digest by finalizing the HMAC computation. This step produces a binary hash.

## 5. Encode the Digest

Encode the binary hash into a string representation. The encoding format should be a base64Url.

## Code Example (TypeScript)

The following is an example code implementation using Typescript:

```typescript
import * as crypto from 'crypto';

function atob(str: string) {
  return Buffer.from(str, 'base64').toString('binary');
}

export function createSignature(
  method: string,
  url: string,
  body: any,
  timestamp: string,
  secretKey: string,
) {
  const bodyBuffer = Buffer.from(JSON.stringify(body));

  const secret = atob(secretKey);

  const hmac = crypto.createHmac('sha256', secret);
  hmac.update(timestamp);
  hmac.update(method);
  hmac.update(url);

  if (bodyBuffer != null) {
    hmac.update(bodyBuffer);
  }

  const hash = hmac.digest();
  const signature = hash.toString('base64url');

  return signature;
}
```

You're all set. Include the generated signature in the API request headers.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.idrx.co/api/generating-a-signature.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.