# Signature Some APIs require signature in incoming requests (like BetEngine API). The Signature is calculated based on the `timestamp`, `request body` and your `Secret Key` with HMAC hash using SHA256 Algorithm. Here is an example on how to generate the Signature for create `/ticket` request with `Secret Key=12345ABCDE`, `timestamp=1706090303` and following request body: ```json { "operator": "site", "token": "UnIqUe-ToKeN", "price": 5000, "currency": "KES", "atag": "affiliate-1", "source": "mobile", "type": "superbet", "event": 100001, "bets": [101, 102, 103, 104, 105, 106] } ``` In order to generate the Signature all spaces must be removed from the request body: ```json {"operator":"site","token":"UnIqUe-ToKeN","price":5000,"currency":"KES","atag":"affiliate-1","source":"mobile","type":"superbet","event":100001,"bets":[101,102,103,104,105,106]} ``` {% hint style="info" %} Please note that the order of the fields matters for calculating the signature. Fields must be in the same order they are listed on doc pages for requests. {% endhint %} {% hint style="info" %} Please note that optional fields, like `atag` must also be included in signature generation, even if they have `null` values. For example, if `atag` field has `null` value then it must be included in signature generation like so: ``` {...,"atag":null,...} ``` {% endhint %} Then message for HMAC algorithm has to be formed using following template: ``` {timestamp}{request body with removed spaces} ``` {% hint style="info" %} Please note that for requests that have no body, like GET requests, above template will only consist of `{timestamp}`. {% endhint %} So the message should look like the following: ``` 1706090303{"operator":"site","token":"UnIqUe-ToKeN","price":5000,"currency":"KES","atag":"affiliate-1","source":"mobile","type":"superbet","event":100001,"bets":[101,102,103,104,105,106]} ``` The computed Signature for this request is: ``` f99aee9f77eef1ee8b64c78e7f8612e3234f03cce5fecdebd7ea27f2b9081423 ``` A free online HMAC Generator for testing is available on . Here is how we calculated the Signature from above example using **Free Formatter**
{% hint style="info" %} Your `Secret Key` is located on your API Settings page. Login to Betstack to access your `Secret Key` {% endhint %}

Secret Key is locate in API Settings profile page

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.betstack.io/signature.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.