Signing a request

Innovaz uses API keys to authenticate all API calls. Depending on the type of application environment, the base API URL will be one of the following:
  • Testnet:
  • Mainnet:
Every API request must contain the following headers:
  • X-API-Key - The API Key created from your Innovaz application.
  • Authorization - This value should be set to Bearer <Access Token>. The access token is a Base64-encoded JSON Web Token (JWT).

JWT Structure

The payload field should contain the following fields:
  • uri - The URI part of the request (e.g., /v1/common/chains).
  • nonce - Unique number or string. Each API request needs to have a different nonce.
  • iat - The time at which the JWT was issued, in seconds since Epoch.
  • exp - The expiration time on and after which the JWT must not be accepted for processing, in seconds since Epoch. (Must be less than iat+30sec.)
  • sub - The API Key.
  • bodyHash - Hex-encoded SHA-256 hash of the raw HTTP request body.
The JWT must be signed with the Innovaz API secret key and the RS256 algorithm.
Authorization: Bearer <JWT>