Skip to content
  • There are no suggestions because the search field is empty.

Calculating Authorization Headers

Two headers must be present in each API request: (1) The current datetime, and (2) Your Authorization header. We’ll go over how to format/calculate both of these.

  1. The current datetime is in UTC time, and should look like this: Wed, 24 Oct 2019 16:59:00 GMT
  2. Your Authorization Header will look something like this: OWL insertYourPublicKeyHere:ABCcEFgHIJKLmnOPqRStu+123/bbQ=

Step 1: Calculating Your Authorization Header

To create your Authorization Header, you will need the following:

  • The current date (as formatted above)
  • Your request verb in all caps, which is either "GET" or "POST"
  • The full path of your request after the host. As an example, the underlined part of the full request below is the part that is needed (note that the '/' after .com is included): https://api.darkowl.com/api/v1/endpoint1?aParam1=val1&aParam2=val2

The procedure is as follows:

  1. Concatenate the verb, full path, and date into a single string (no spaces in between each, no newline character) a. stringToSign = verb + full path + date
  2. Run the StringToSign through the HMAC-SHA1 algorithm using your private key.
  3. Base64 Encode the resulting HMAC hash value.
  4. Add an ‘Authorization’ header value with the HMAC value and public key in the following format, noting the “OWL” keyword in the header as shown here: Authorization: OWL yourPublicKeyHere:resultFromStep3 

Important notes on calculating your authorization header:

  1. The HMAC function needs to return a raw binary result, not a hex string.
  2. Calculate your HMAC before URL encoding the query string. DarkOwl will decode the encoded URLs prior to authenticating, so an HMAC ran on an encoded URL will result in a security hash mismatch.

Step 2: Adding the Date

Once your authorization header is completed, add a second header with the datetime, as shown here:

Date: Wed, 24 Oct 2019 16:59:00 GMT

The date used in the Date header should be the exact same string you used to calculate the Authorization header.

Putting It All Together: The Request

To summarize, each request must have the following headers (*your exact values will vary):

Date: Wed, 24 Oct 2019 16:59:00 GMT

Authorization: OWL insertYourPublicKeyHere:resultFromStep3