Authentication
HMAC-SHA256 signing rules for the EdgeCron customer-facing API.
Customer-facing requests pass through this middleware chain:
RequestID -> APIKey -> Signature -> RateLimitApp -> BillingMiddleware
Required headers
| Header | Type | Description |
|---|---|---|
| X-Key-ID | string | Your API key ID, for example ak_.... |
| X-Timestamp | integer | Unix timestamp in seconds. |
| X-Signature | string | Lowercase hex HMAC-SHA256 signature. |
| Content-Type | string | application/json for requests with a JSON body. |
Signature payload
The signing input is:
timestamp + "\n" + payload
payload is built with these rules:
- Sort query parameters by key.
- Use the raw body string when a body exists.
- When both query and body exist, use sorted_query + "&" + raw_body.
Node.js example
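import crypto from 'node:crypto';
// Returns the lowercase hex HMAC-SHA256 of timestamp + "\n" + payload,
// which is the value sent in the X-Signature header.
function sign(secret: string, timestamp: number, payload: string): string {
  return crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}\n${payload}`)
    .digest('hex');
}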
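An added example, not EdgeCron's own code, that builds the payload under the rules above and checks X-Signature on the receiving side with a constant-time comparison. The `key=value` form of the sorted query, the `verify` helper and the 300-second timestamp tolerance are assumptions the page does not specify; the secret and request are constructed sample values.

```javascript
const crypto = require('node:crypto');

// Assumption: sorted_query is "key=value" pairs joined with "&", sorted by key,
// with values used as given. The page only says to sort query parameters by key.
function buildPayload(query, rawBody) {
  const sortedQuery = Object.keys(query || {})
    .sort()
    .map((k) => `${k}=${query[k]}`)
    .join('&');
  const hasBody = typeof rawBody === 'string' && rawBody.length > 0;
  if (sortedQuery && hasBody) return `${sortedQuery}&${rawBody}`;
  return hasBody ? rawBody : sortedQuery;
}

// Same signing input as the page: timestamp + "\n" + payload.
function sign(secret, timestamp, payload) {
  return crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}\n${payload}`)
    .digest('hex');
}

// Hypothetical receiving-side check. maxSkewSeconds is an assumed tolerance,
// not a documented EdgeCron value. Header names are lowercased as Node does.
function verify(secret, headers, query, rawBody, nowSeconds, maxSkewSeconds = 300) {
  const timestamp = Number(headers['x-timestamp']);
  if (!Number.isInteger(timestamp)) return false;
  if (Math.abs(nowSeconds - timestamp) > maxSkewSeconds) return false;
  const provided = String(headers['x-signature'] || '');
  // Accept only lowercase hex of the exact HMAC-SHA256 length, so both
  // buffers below are 32 bytes and timingSafeEqual cannot throw.
  if (!/^[0-9a-f]{64}$/.test(provided)) return false;
  const expected = sign(secret, timestamp, buildPayload(query, rawBody));
  return crypto.timingSafeEqual(
    Buffer.from(provided, 'hex'),
    Buffer.from(expected, 'hex'),
  );
}

// Constructed sample request (not real credentials or traffic).
const SECRET = 'example-secret-not-real';
const NOW = 1700000000;
const QUERY = { page: '2', job: 'nightly' };
const BODY = '{"enabled":true}';
const HEADERS = {
  'x-timestamp': String(NOW),
  'x-signature': sign(SECRET, NOW, buildPayload(QUERY, BODY)),
};
```

The signature must be computed over the raw body string exactly as sent; re-serializing parsed JSON before signing or verifying can change the bytes and make a valid request fail.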