Their documentation about the authentication here says,
api-auth-signature- You must send the method signature in this header.
The method signature must be generated by taking the query string, and creating a HMAC-SHA256 signature using your API key as the secret key.
Only the query parameters portion of the URL is used in calculating the signature eg for the request
/ Customers?customerCode=ACME use the string
customerCode=ACME when generating the signature. Do not include the endpoint name in the method signature.
Do not include the query indicator
? in the method signature.
If you generate the signature incorrectly you will not be able to access the API, instead you will only receive a “403 forbidden” response.
Note:that the query string can also be empty, eg for the request /Customers, in which case you must provide a signature created by calling
GetSignature(empty string, your key).
So it means you need to use your query parameters in the api-auth-signature generation and give empty string if you do not have any query parameters. You do not need to include the endpoint name in the signature.
You can generate your signature using any cryptography tools, I created a signature with an empty input string and use API key as the secret key.
Then you can use this string as the api-auth-signature parameter value in the query header as shown below and get the data.
You can also generate the signature by including the parameters in the input sting and use the output string to get the data based on those parameters.