Comment on page


Every private data or bot endpoint is secured with a private key
  • Arrange the parameters in ascending alphabetical order
  • Combine them with &. Don't URL encode them.
  • Encode complete string to UTF8.
  • Create a SHA256 signature from the encoded string and the Local API token.
  • Remove - from the signature
  • Make sure the signature is upper case.
  • Add "&sig=signature" to the URL.
FileMaker v17
public string CreateSignature(Dictionary<string, string> parameters, string privateKey)
var parametersString = string.Empty;
foreach (var parameter in parameters.OrderBy(c => c.Key))
parametersString += $"&{parameter.Key}={parameter.Value}";
parametersString = parametersString.TrimStart('&');
var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(privateKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(parametersString));
var sig = BitConverter.ToString(hash).Replace("-", "");
return sig;
echo -n $parameters | iconv -f ascii -t utf8 | openssl sha256 -hmac "$key" | awk '{ print toupper($2) }'
HexEncode (CryptAuthCode ( "abc + UTF-8 ordered parameters in other words string"; "SHA256"; "local api key" ))
import hmac
import hashlib
import collections
from typing import Dict
def generate_signature(parameters: Dict[str, str], privatekey: str):
parameter_string = ""
parameters = collections.OrderedDict(sorted(parameters.items()))
for key, value in parameters.items():
parameter_string += "&" + str(key) + "=" + str(value)
parameter_string = parameter_string.replace("&", "", 1)
key = bytes(privatekey, 'UTF-8')
message = bytes(parameter_string, 'UTF-8')
digester =, message, hashlib.sha256)
signature = digester.digest()
signature = signature.hex().replace("-", "").upper()