Authentication
Most Variational API calls require the request to be authenticated by an HMAC-SHA256 signature generated using an API Key and an API Secret. You can obtain those by generating API credentials for your company in the UI's settings pages.
Required Headers
All requests to Variational API endpoints requiring authentication must include 3 headers:
X-Request-Timestamp-Ms: Unix timestamp of the request (in milliseconds)X-Variational-Key: client API keyX-Variational-Signature: a signature derived from the timestamp, client API key, secret, some of the request parameters and payload
For example:
curl --request GET \
--url 'https://api.testnet.variational.io/v1/addresses' \
--header 'X-Request-Timestamp-Ms: 1707254051670' \
--header 'X-Variational-Key: dfeee8ee-bb76-4194-9570-32f163a0d342' \
--header 'X-Variational-Signature: e120b1c6cbd7dcf2d465a8ba8431421d46da17cb031c02bb810104654a5d1918'Time Accuracy
For security, we require that the timestamp you specify on the request does not differ from the current time on our API servers by more than 5 seconds.
You can access the Variational API server time using the /status endpoint:
https://api.testnet.variational.io/v1/status (doesn't require authentication)
Generating a Signature
A signature is generated by writing an authentication message to a byte buffer and signing it with HMAC-SHA256. The message is an ascii-encoded string consisting of the following values divided by pipe | symbols:
For example,
For endpoints expecting a request payload, the exact bytes of the HTTP request body must be appended to the authentication message buffer following another pipe symbol:
Python Code Examples
For requests with a JSON payload:
Python SDK
The provided Python SDK Client takes care of request signing for you:
If you prefer to construct the requests manually, a helper function for request signing is available:
Last updated