Authorization
Learn various authorization methods you need to use Gluwa API.
Last updated
Learn various authorization methods you need to use Gluwa API.
Last updated
Gluwa has two types of authorizing a request:
X-REQUEST-SIGNATURE
header
Authorization
header
Depending on the request, you may have to use at least one of them or none at all. Look under Request -> Headers section under each endpoint to find out if an endpoint requires authorization.
X-REQUEST-SIGNATURE
header is used to verify the ownership of an address, usually, for GET
requests. The value of the header must be the signature of an address that you own. Follow the guide below to generate an Address Signature.
Then, you can generate the value of the header like below:
So for example,
There are couple things to note:
Make sure that unix timestamp is in seconds, NOT milliseconds.
The generated X-REQUEST-SIGNATURE
will be valid for 10 minutes. After that, any request made with the same header value will return 403 response.
For example, you would use call an endpoint like below using curl.
Some endpoints use API keys and secrets to authorize the request. You can view and manage your API key and secrets in .
We use scheme.