API ReferenceGuidesChangelog
Guides
Start typing to search…

Authentication

Overview

Authentication to the API is handled using API keys and secret keys. Follow the steps below to obtain and use these keys.

Obtaining API and Secret Keys

To receive your API and secret keys, please contact AET directly at [email protected].

Request Headers

Include the following headers in your requests:

  • timestamp - Current timestamp in milliseconds.
  • authorization - The API token in the format Bearer ${TOKEN}.
  • accept - Must be application/json.
  • content-type - Must be application/json.
  • signature - The signature generated as outlined below.

Signature Generation

The signature header is created by generating a SHA256 HMAC using the secret key. The pre-hash string is formed by concatenating the timestamp, HTTP method, requestPath, and the request body. The resulting HMAC is then base64 encoded.

Pseudo-code for signature generation:

Function generateSignatureHeader(timestamp, method, requestPath, body, secretKey):
    // Form the pre-hash string
    preHashString = timestamp + method + requestPath + body
    
    // Create an HMAC object using SHA256 with the secret key
    hmac = createHMAC(preHashString, secretKey, SHA256)
    
    // Compute the HMAC
    hash = computeHMAC(hmac)
    
    // Base64 encode the hash
    signatureHeader = base64Encode(hash)
    
    // Return the signature header
    return signatureHeader

Important considerations:

  • The body is the request body string, or omitted if there is no request body (usually for GET requests).
  • The HTTP method should be in UPPER CASE.
  • The timestamp header must be the number of milliseconds since Unix Epoch.
  • The requestPath should not include the leading slash (/). For example, use v3/users instead of /v3/users.
  • For multipart form uploads, use an empty string as the body when generating the signature.

Environments

There are two environments available: Sandbox and Live. Each environment requires separate API keys.

Sandbox Environment

The sandbox environment is used for testing your application. The sandbox API URL is:

https://sandbox.aet.dev

You must successfully use the sandbox environment before proceeding to the live environment.

Live Environment

The Live environment is AET's production environment. The URL is:

https://api.aet.dev

Updated 2 months ago