Signature
Generate HMAC hash signature to check that SMS notification is actually coming from us.
The Signature is calculated based on the timestamp
, request body
and your Secret Key
with HMAC hash using SHA256 Algorithm.
Here is an example on how to generate the Signature for otp
type with Secret Key=12345ABCDE
, timestamp=1706191612
and following request body:
{
"type": "otp",
"data": {
"code": "1234",
"msisdn": "+260977223120"
}
}
In order to generate the Signature all spaces must be removed from the request body:
{"type":"otp","data":{"code":"1234","msisdn":"+260977223120"}}
Then message for HMAC algorithm has to be formed using following template:
{timestamp}{request body with removed spaces}
So the message should look like the following:
1706191612{"type":"otp","data":{"code":"1234","msisdn":"+260977223120"}}
The computed Signature for this request is:
46b1ec8d2a05129bb57c8256f2cdd3029b2cf72dbed57f0d3eedd6b156573433
A free online HMAC Generator for testing is available on https://www.freeformatter.com/hmac-generator.html#before-output.
Here is how we calculated the Signature from above example using Free Formatter


Last updated