Some Playmob API requests require authorization and must be signed using the
procedure on this page. This requires your API credentials – obtained from the
developer portal.

This page will outline how to get your API credentials, the additional security
parameters required when signing a request, and the signature
generation process itself. This process is partly different for get and
post requests

Obtaining your API Credentials

These were emailed to you when signing up to the developer portal, but can also
be obtained from the developer portal under the Help tab for your campaign.

Common authentication parameters

All signed requests must include the following parameters on top of the payload:

1. nonce: A unique string for this request.
2. time: A timestamp for this request formatted as in RFC339.
3. api_access_id: Your API access ID.

Additionally, an AUTHORIZATION header must be supplied with the format:

Generating the signature for a GET request

Append your API key to the URL and SHA1 the result.


Generating the signature for a POST request

Append your API key to the raw post body and SHA1 the result.


Here we are signing a request for the create user event API (formerly ‘create purchase’). Our post data is a JSON object.