Get your API keys

Before starting API integration for your Streams, your application must be uploaded, and the Stream for the application must be created from the Vagon Dashboard.

• API Public Key: you can get it from Vagon Dashboard for each Streams.

• API Secret: you can get it from Vagon Dashboard for each Streams.

• Application ID: you can get it from Vagon Dashboard for each Streams. Stated as _Application_ID_ in the document.

• Region: Region coverage can be set from Vagon Dashboard for each Streams.

Authentication

The client must be authenticated by using API Public and Secret keys with HMAC authentication, by using the SHA256 algorithm.

• Every API call requires to be authenticated via the Authorization header.

• Header format Authorization: HMAC {key}:{signature}:{nonce}:{timestamp}

• Signature payload is calculated as payload = "{api key}{request method}{request path}{timestamp}{nonce}{request body}"

• request path shouldn't include the base API endpoint. For example if you sending a GET request to https://api.vagon.io/app-stream-management/v2/applications the request path should be /app-stream-management/v2/applications

• Request body should be an empty string for GET requests.

• Signature is calculated as the signature = HMAC(SHA256, payload, api secret)

• Signature should be in HexaDecimal format

• The nonce is a random string value and the timestamp is the current UTC timestamp (milliseconds).