Authentication

Lone wolf token (http_api_key)

Custom HMAC-signed authorization scheme used when calling resources that access your actual data:

Authorization: LoneWolfToken [API Token]:[Client Code]:[Signature]:[Date]

A Content-MD5 header is also required on every request (base 64 encoded MD5 hash of the request body, or of an empty string for requests without a body: 1B2M2Y8AsgTpgAmY7PhCfg==).

The signature is the HMACSHA256 hash (seeded with your secret key) of [HTTP Method]:[Resource URI]:[Date]:[Content-MD5]. HMACSHA384 and HMACSHA512 are also supported by appending the algorithm to the scheme (e.g. LoneWolfToken-HMACSHA512).

See the Authentication, Creating a Request, and Creating the Signature sections of the introduction for full details, date format, and worked examples. A separate LoneWolfKey scheme exists for resources that deal with your API account; there is never a scenario where you would send more than one type of authorization scheme.