HMAC Tool
Gridy APIs use a Hash-based Message Authentication Code (HMAC) to add an HMAC signature to the HTTP Authorization header of each API request. This security measure provides maximum protection against man-in-the-middle and session replay attacks.
HMAC signing provides these added security benefits:
- The API Secret is never transmitted, but encrypts the HMAC from the sender-side and decrypts it from the server-side.
- The HMAC signature validates that the message was not tampered with or altered in transit. Any change to the message invalidates the HMAC.
- The HMAC signature includes a nonce (one-time code) that prevents replay attack
Use the HMAC Tool to generate an HTTP Authorization header for use with the API Explorer.
Go to https://gridy.io/play and select the HMAC Tool from the Playground menu.

Enter your API User ID & API Secret Key to generate the HTTP Authorization header required when using the API Explorer.
