Authentication

Every private data or bot endpoint is secured with a private key
Arrange the parameters in ascending alphabetical order
Combine them with &. Don't URL encode them.
Encode complete string to UTF8.
Create a SHA256 signature from the encoded string and the Local API token.
Remove - from the signature
Make sure the signature is upper case.
Add "&sig=signature" to the URL.
C#
Bash
FileMaker v17
Python
public string CreateSignature(Dictionary<string, string> parameters, string privateKey)
{
    var parametersString = string.Empty;
    foreach (var parameter in parameters.OrderBy(c => c.Key))
        parametersString += $"&{parameter.Key}={parameter.Value}";
​
    parametersString = parametersString.TrimStart('&');
    var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(privateKey));
    var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(parametersString));
    var sig = BitConverter.ToString(hash).Replace("-", "");
​
    return sig;
}
echo -n $parameters | iconv -f ascii -t utf8 | openssl sha256 -hmac "$key" | awk '{ print toupper($2) }'
HexEncode (CryptAuthCode ( "abc + UTF-8 ordered parameters in other words string"; "SHA256"; "local api key" ))
​

import hmac
import hashlib
import collections
from typing import Dict
​
​
    @staticmethod
    def generate_signature(parameters: Dict[str, str], privatekey: str):
        parameter_string = ""
​
        parameters = collections.OrderedDict(sorted(parameters.items()))
​
        for key, value in parameters.items():
            parameter_string += "&" + str(key) + "=" + str(value)
​
        parameter_string = parameter_string.replace("&", "", 1)
​
        key = bytes(privatekey, 'UTF-8')
        message = bytes(parameter_string, 'UTF-8')
​
        digester = hmac.new(key, message, hashlib.sha256)
        signature = digester.digest()
        signature = signature.hex().replace("-", "").upper()
​
        r
​
Getting Started - Previous
Using Local API Server
Next - Getting Started
Response
Last updated -1