Headers

The API uses URL signing for securing requests. Below is an overview of how to use the x-tu-authorization header for secure communication._

An example of a normal HTTP will have the following headers:

Accept: application/json; charset=utf-8 
x-tu-authorization: protocol:TU1,accesskey:8ZBZY9VXRD4N6ZKUKM87,signedheaders:Content-Type;User-Agent;X-tu-date,signature:48d2c3b1ad24e04687235a80e859e38326e25e171ea0985a67032b19c28269ce 
X-tu-date: 2016-03-29T14:18:56.557+0200 
User-Agent: java-test-case 
Host: localhost:8080 
Content-Type: application/json; charset=utf-8

x-tu-authorization Header Structure

The x-tu-authorization header consists of four parts, each separated by commas. All parts are mandatory.
These parts are namely consist of:

Protocol:
The signing protocol used. Currently, only TU1 (Hmac SHA256 algorithm) is supported.
accesskey:
The API access key that the service will use to identify your request for signature matching.
signedheaders: A list of request headers used when constructing the signature.
signature:
The calculated signature.

An example of this is as per below:

protocol:TU1,accesskey:8ZBZY9VXRD4N6ZKUKM87,signedheaders:Content-Type;User-Agent;X-tu-date,signature:48d2c3b1ad24e04687235a80e859e38326e25e171ea0985a67032b19c28269ce

👍
Note:
To generate the signature included in the x-tu-authorization header, a Java example is provided.
This ensures that your request is securely signed and can be validated by the server
(see the relevant section of your implementation for details on how to calculate this signature)

Below is a code example for generating the signature for `x-tu-authorization header.
The code contains an example for both Java and C# languages:

public static void main(String[] args) {
    String secretKey = "9kyJBe5ps1yaYpDKuJ/Jud293f*hy/J*aQ/Mq54f";
    String contentType = "application/json; charset=utf-8";
    String userAgent = "MyApp/1.0";
    String timestamp = "2024-06-01T12:00:00Z";
    try {
        byte[] signature = getSignature(secretKey, contentType, userAgent, timestamp);
        System.out.println("Calculated Signature: " + HexFormat.of().formatHex(signature));
    } catch (GeneralSecurityException generalSecurityException) {
        System.err.println("Signature calculation failed: " + generalSecurityException);
    }
}
public static byte[] getSignature(String secretKey, String contentType, String userAgent, String timestamp) throws GeneralSecurityException {
    byte[] signature = calculateHmacSHA256(secretKey.getBytes(), contentType.getBytes());
    signature = calculateHmacSHA256(signature, userAgent.getBytes());
    signature = calculateHmacSHA256(signature, timestamp.getBytes());
    return signature;
}
public static byte[] calculateHmacSHA256(byte[] key, byte[] payload) throws GeneralSecurityException {
    String algorithm = "HmacSHA256";
    SecretKeySpec keySpec = new SecretKeySpec(key, algorithm);
    Mac mac = Mac.getInstance(algorithm);
    mac.init(keySpec);
    return mac.doFinal(payload);
}

private static string GetSignatureKey(string key, string contentType, string userAgent, string timestamp)
{
    var signature = HMACSHA256.HashData(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(contentType));
    signature = HMACSHA256.HashData(signature, Encoding.ASCII.GetBytes(userAgent));
    signature = HMACSHA256.HashData(signature, Encoding.ASCII.GetBytes(timestamp));
    return Convert.ToHexString(signature).ToLower();
}