Important Notes

Empty bodies: For requests with no body (e.g. GET), use the canonical empty object string "{}" for signature generation—not the literal empty string "". The API middleware and SDK sign GET requests with "{}".

Key ordering: The canonical JSON ensures consistent signatures regardless of object key order

Environment variables: When using Postman, environment variables in the format {{variable_name}} are automatically resolved

Replay protection: Timestamps prevent replay attacks; ensure your system clock is synchronized

Secret security: Keep your client secret secure and never expose it in client-side code