Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Signature Verification

Outline:

  • Header carrying the signature (e.g. X-ShredPay-Signature).

  • Algorithm: HMAC-SHA256 over <timestamp>.<raw body>.

  • Per-endpoint signing secret (different from the API key).

  • Pseudocode for verification.

  • Replay protection: reject if timestamp is older than 5 minutes.

  • Sample implementations in Node, Python, Go.

PreviousOverviewNextEvents

Last updated