Authorization header C# .NET example code

A few notes:

  • Remember to use the content from the request.Content in your HTTP client. That is the content we see and use to calculate our HMAC header.
  • Remember NOT to add an extra "/" somewhere between the domain URL and /API/V07.
  • Remember to validate the JSON object before you send it.
  • Remember to save a log of all requests you send, so it is easier for you and us to find any errors.

// Create generic HMAC
string content = url + " " + jsonContent + " " + timeStampUtc;
var authorization = GetAuthorizationHeader (content, apiKey, timeStampUtc);
request.AddHeader("Authorization", authorization);
public string GetAuthorizationHeader(string hmacContent, string apiKey, string timeStampUtc)
    var base64Hmac = CalculateHmac(hmacContent, apiKey);
    var authorization =
                string.Format("{0} {1}",
    return authorization;
public static string CalculateHmac(string content, string key)
    var inputBytes = Encoding.UTF8.GetBytes(content);
    var keyBytes = Encoding.UTF8.GetBytes(key);
    using (var hmacSha256 = new HMACSHA256(keyBytes))
        var hashMessage = hmacSha256.ComputeHash(inputBytes);
        return Convert.ToBase64String(hashMessage);