# Signature The Signature is calculated based on the `timestamp`, `request body` and your `Secret Key` with HMAC hash using SHA256 Algorithm. Here is an example on how to generate the Signature for `otp` type with `Secret Key=12345ABCDE`, `timestamp=1706191612` and following request body: ```json { "type": "otp", "data": { "code": "1234", "msisdn": "+260977223120" } } ``` In order to generate the Signature all spaces must be removed from the request body: ```json {"type":"otp","data":{"code":"1234","msisdn":"+260977223120"}} ``` {% hint style="info" %} Please note that the order of the fields matters for calculating the signature. It will always be `type` first then `data`. Fields in `data` must be in the same order they are listed on doc pages for types. {% endhint %} Then message for HMAC algorithm has to be formed using following template: ``` {timestamp}{request body with removed spaces} ``` So the message should look like the following: ``` 1706191612{"type":"otp","data":{"code":"1234","msisdn":"+260977223120"}} ``` The computed Signature for this request is: ``` 46b1ec8d2a05129bb57c8256f2cdd3029b2cf72dbed57f0d3eedd6b156573433 ``` A free online HMAC Generator for testing is available on . Here is how we calculated the Signature from above example using **Free Formatter**

{% hint style="info" %} Your `Secret Key` is located on your API Settings page. Login to Betstack to access your `Secret Key` {% endhint %}