# Signature

The Signature is calculated based on the `timestamp`, `request body` and your `Secret Key` with HMAC hash using SHA256 Algorithm. 

Here is an example on how to generate the Signature for `ticket_create` action with `Secret Key=12345ABCDE`, `timestamp=1706191612` and following request body:

```json
{
    "action": "ticket_create",
    "data": {
        "operator": "acme",
        "ticket_id": "668ef666333180bba97f0c93",
        "ticket_code": "CD4BDD",
        "player_id": "sometokenvalue",
        "price": 500,
        "stake": 444,
        "wht_amount": 240,
        "wht": 10,
        "ext_amount": 56,
        "ext": 12.5,
        "ext_type": "inclusive",
        "gross_payout": 2842,
        "net_payout": 2602,
        "currency": "USD",
        "atag": "atag_value",
        "rtag": null,
        "ticket_type": "quickbet"
    }
}
```

In order to generate the Signature all spaces must be removed from the request body:

```json
{"action":"ticket_create","data":{"operator":"acme","ticket_id":"668ef666333180bba97f0c93","ticket_code":"CD4BDD","player_id":"sometokenvalue","price":500,"stake":444,"wht_amount":240,"wht":10,"ext_amount":56,"ext":12.5,"ext_type":"inclusive","gross_payout":2842,"net_payout":2602,"currency":"USD","atag":"atag_value","rtag":null,"ticket_type":"quickbet"}}
```

{% hint style="info" %}
Please note that the order of the fields matters for calculating the signature. It will always be `action` first then `data`. Fields in `data` must be in the same order they are listed on doc pages for actions.
{% endhint %}

{% hint style="info" %}
Please note that optional fields, like `atag` or `rtag` will also be included in signature generation, even if they have `null` values. For example, if `atag` field has `null` value then it will be included in signature generation like so:

```
{...,"atag":null,...}
```

{% endhint %}

Then message for HMAC algorithm has to be formed using following template:

```
{timestamp}{request body with removed spaces}
```

So the message should look like the following:

```
1706191612{"action":"ticket_create","data":{"operator":"acme","ticket_id":"668ef666333180bba97f0c93","ticket_code":"CD4BDD","player_id":"sometokenvalue","price":500,"stake":444,"wht_amount":240,"wht":10,"ext_amount":56,"ext":12.5,"ext_type":"inclusive","gross_payout":2842,"net_payout":2602,"currency":"USD","atag":"atag_value","rtag":null,"ticket_type":"quickbet"}}
```

The computed Signature for this request is:

```
3fe37f41ba6dc960fd2a7098bd4643f971ff1408a31bcea9f3ef8d03b3ba2d0a
```

A free online HMAC Generator for testing is available on <https://www.freeformatter.com/hmac-generator.html#before-output>.&#x20;

Here is how we calculated the Signature from above example using **Free Formatter**

<figure><img src="https://2027057513-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKuxm6ysd27rN14uEAtGy%2Fuploads%2FCnn5vnIxl8YR8sko1drU%2Fimage.png?alt=media&#x26;token=53319ea2-53d2-4903-8a57-2371429fd87e" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Your `Secret Key` is located on your API Settings page. Login to Betstack to access your `Secret Key`
{% endhint %}

<figure><img src="https://2027057513-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKuxm6ysd27rN14uEAtGy%2Fuploads%2Fe5aGzX5mkTtACXh9j4Ee%2Fsecret-Key.png?alt=media&#x26;token=7a7a76a8-c5ea-4821-986f-e015fb624c4b" alt=""><figcaption><p>Secret Key is locate in API Settings profile page</p></figcaption></figure>