All Finfare Connect publishers will be provided with a dev and production API Key along with an API Secret. Speak with your representative for these if you haven't already received them.

Authorisation is required for all API requests. Authenticate requests by providing a signature in the request header

Here's how it works:

Authorization: Bearer {signature}:{timestamp}:{apikey}
signature: HMAC-SHA256(api_key + verb + content + content_type + timestamp + url)

verb = Request Method

*content = If no content is provided, there will be no need to provide a value

Please note the below parameters should be encoded in Base64 before you compile and send your signature

timestamp: Base64 encoded
signature: Base64 encoded

function get_signature($verb, $content, $url) {
    $nimdaapikey = API_KEY;
    $nimda_secret = API_SECRET_KEY;
    $timestamp = date("Y-m-d h:i:s");
    $signature = $nimdaapikey . $verb . $content . "application/json" . $timestamp . $url;
    $hmac_signature = base64_encode(hash_hmac('sha256', $signature, $nimda_secret, true));

    $created_signature = $hmac_signature . ':' . base64_encode($timestamp) . ':' . $nimdaapikey;
    return $created_signature;

Finally, feel free to ask your representative for our Postman Collection. They would be more than happy to provide!