How To Sign Your Requests - Calaméo Knowledge Base
Not a Calaméo member yet?
Sign up now! It's FREE!
Get the latest news on Calaméo
Follow us on Facebook
Get Calaméo updates in real-time
Follow us on Twitter

How To Sign Your Requests

From Calaméo Knowledge Base

For security and authentication, the Calaméo API requires each request to be signed.

To prove that you are the owner of the account making the request and prevent forgeries, you must include a signature parameter in your requests.

You calculate the signature with your API secret key. The API key in the request is used by Calaméo to find out your API secret key. Then Calaméo calculates a signature with it. If the generated signature matches the signature in the request, the request is accepted as authentic and the action is performed. Otherwise, the server will return an error message.

The steps to sign a request

  1. Sort the request parameters alphabetically
  2. Concatenate your API secret key and the request's parameters name-value pairs
  3. Calculate the MD5 hash of this concatenated string
  4. Include the signature parameter in the request with this MD5 hash as value


Here are the public and secret key we will use:

Public key 84c92f2c5686d350d3d2d15c2073ec23
Secret key 1jHj0HORiWhpmw9QqOXsLoZjweVm7BWoT5WPWC2AbFsuWl95

In this example, we are going to list our account publications. The following parameters will be used:

apikey 84c92f2c5686d350d3d2d15c2073ec23
action API.fetchAccountBooks
output JSON
order Name
way UP

To calculate the signature of this request, we concatenate the API secret key with the name-value alphabetically sorted parameters:


We get the MD5 hash of this string:


The complete request looks like: