Authentication for HMAC SHA256 signature


I am trying to develop a connector for Unleashed (, however, this API requires a HMAC SHA256 signature of the query URL (but only everything after ? if there is a query) and the API key.

This is taken from their documentation:

Each request to the API must include these four values sent as HTTP headers:

  • Content-Type - This must be either application/xml or application/json.
  • Accept - This must be either application/xml or application/json.
  • api-auth-id - You must send your API id in this header.
  • api-auth-signature - You must send the method signature in this header.
  • client-type - You must send your client-type in this header to enable tracking. The value must follow the convention partner_name/app_name or partner_name. i.e. acme/acmeEDI or acme.

So, if the endpoint was:
/Products - it would need to be a base64 encoded signature of “” and the api key
/Products/3?pageSize=100 - it would need to be a base64 encoded signature of “pageSize=100” and the api key.

Any ideas how I can achieve this?

Thank you!

Hello there! You are receiving this message because none of your fellow community members has stepped in to respond to your topic post. (If you are a community member and you are reading this response, feel free to jump in if you have the answer!) As a result, the Community Assistance Team has been made aware of this topic and will be investigating and responding as quickly as possible.
Some important considerations that will help your to get your issue solved faster:

  • It is best to use our topic creation template; if you haven’t yet, we recommend posting a followup with the requested information. With that information the team will be able to more quickly search for similar issues with connectors and the platform and troubleshoot more quickly your specific question or problem.
  • Make sure to upload the complete log file; a common investigation roadblock is that sometimes the error for the issue happens well before the problem is surfaced to the user, and so having the tail of the log is less useful than having the whole log to scan through.
  • Be as descriptive and specific as possible; when investigating it is extremely valuable to know what steps were taken to encounter the issue, what version of connector / platform / Java / Python / docker / k8s was used, etc. The more context supplied, the quicker the investigation can start on your topic and the faster we can drive towards an answer.
  • We in the Community Assistance Team are glad you’ve made yourself part of our community, and we’ll do our best to answer your questions and resolve the problems as quickly as possible. Expect to hear from a specific team member as soon as possible.

Thank you for your time and attention.
The Community Assistance Team