← Back to API Documentation

API Key / Secret Authentication


To make use of our API you should contact us via email (info@alfacharlie.com) and describe how and why you want to use it. We will contact you then and provide you an API Key and API Secret which is neccessary to access the API.

How it works?

Our API Signing mechanism is based on a PHP package called signature-php which is a PHP 5.4+ port of the Signature ruby gem. It is based on the principle of HMAC-SHA authentication which is a very simple key / secret authentication for APIs using hashed signatures.

To authenticate against the API you have to provide the following parameters

Name Description Example
x-version The current version of the API Authentication mechanism. We use version: 5.1.2 5.1.2
x-key The key we provide you to get access to our API 8xPuQm2ZDj6jf483bvRqz4MHX
x-timestamp The current timestamp when you send the request. Will be used for request verification. 1493899035
x-signature The generated HMAC SHA (sha256) signature. 810c64b215f7f0f7bd018bab9a3443978dd6eb4a2308e24595296452b7aeb3d1

Generate HMAC SHA Signature

The signature will be generated from:


        $secret = '8xPu442ZDj6je483b2Rqz4MHX';

        $auth = [
            'x-version'   => '5.1.2',
            'x-key'       => '8xPuQm2ZDj6jf483bvRqz4MHX',
            'x-timestamp' => 1493899035,

        $params = [
            'foo' => 'bar'

        $payload = merge($auth, $params);
        $payload = change_case($payload, CASE_LOWER);


        $payload = urldecode(http_build_query($payload));

        $payload = implode("\n", [$method, $uri, $payload]);

        $signature = hash_hmac('sha256', $payload, $secret);


If you have any questions please contact us.