# Authentication

### Get your API keys

Before starting API integration for your Streams, your application must be uploaded, and the Stream for the application must be created from the Vagon Dashboard.

* **API Public Key:** you can get it from Vagon Dashboard for each Streams.
* **API Secret:** you can get it from Vagon Dashboard for each Streams.
* **Application ID:** you can get it from Vagon Dashboard for each Streams. Stated as `_Application_ID_` in the document.
* **Region:** Region coverage can be set from Vagon Dashboard for each Streams.

![Share View from the Streams page inside Vagon Streams Dashboard](/files/OotrGFu2tGia9nBXN95U)

### Authentication <a href="#id-1-client-authentication" id="id-1-client-authentication"></a>

The client must be authenticated by using **API Public** and **Secret** **keys** with HMAC authentication, by using the SHA256 algorithm.

* Every API call requires to be authenticated via the Authorization header.
* **Header format**\
  `Authorization: HMAC {key}:{signature}:{nonce}:{timestamp}`
* Signature payload is calculated as\
  `payload = "{api key}{request method}{request path}{timestamp}{nonce}{request body}"`
* `request path` shouldn't include the base API endpoint. For example if you sending a GET request to `https://api.vagon.io/app-stream-management/v2/applications` the `request path` should be `/app-stream-management/v2/applications`
* Request body should be an empty string for `GET` requests.
* Signature is calculated as the\
  `signature = HMAC(SHA256, payload, api secret)`
* Signature should be in HexaDecimal format
* The nonce is a random string value and the timestamp is the current UTC timestamp (milliseconds).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vagon.io/streams/integrations/streams-api-services/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.