Signing a request

Innovaz uses API keys to authenticate all API calls. Depending on the type of application environment, the base API URL will be one of the following:

  • Testnet:

  • Mainnet:

Every API request must contain the following headers:

  • X-API-Key - The API Key created from your Innovaz application.

  • Authorization - This value should be set to Bearer <Access Token>. The access token is a Base64-encoded JSON Web Token (JWT).

JWT Structure

The payload field should contain the following fields:

  • uri - The URI part of the request (e.g., /v1/common/chains).

  • nonce - Unique number or string. Each API request needs to have a different nonce.

  • iat - The time at which the JWT was issued, in seconds since Epoch.

  • exp - The expiration time on and after which the JWT must not be accepted for processing, in seconds since Epoch. (Must be less than iat+30sec.)

  • sub - The API Key.

  • bodyHash - Hex-encoded SHA-256 hash of the raw HTTP request body.

The JWT must be signed with the Innovaz API secret key and the RS256 algorithm.

Authorization: Bearer <JWT>

Last updated