Step 3: Add the Signing Information to the Request

After you calculate the signature, you must add it to the request. You can add the signing information to the request by adding an HTTP header named Authorization.

Adding signing information to the Authorization header

You include signing information by adding it to an HTTP header named Authorization. The contents of the header are created after you calculate the signature, so the Authorization header is not included in the list of signed headers. Although the header is named Authorization, the signing information is used for authentication.

The following pseudocode shows the construction of the Authorization header.

Authorization: IRBX Credential=<ExchangeId>, HashAlgorithm=<HashAlgorithm>, SignedHeaders=<SignedHeaders>, Signature=<Signature>

The following example shows a finished Authorization header.

Authorization: IRBX Credential=68593b89e8034641b376f380ef50c3c0, HashAlgorithm=SHA256, SignedHeaders=Host;Huron-IrbX-Date;Huron-IrbX-Request-Id, Signature=DBBZcUyrDruoc70E9a4V9yDWsmBIW42msZMDHZaXMUv9cKk4SKPYPso4PuVKI7exmybinJ7pNL7nYNcmScHGdW2mLtHp9rJYUi7f3c1oi/Hdq7xMFEvL2SqZRaVQmEI2O3vlMwND6so7/fx3TPowCla2Anffcdncm2RkAtyTNoJbWnbqaMWDAj1Jf3q6vLIJHxirG26009ZXs6plvrGgdvcnWfnjgWYZfJIJv6IJa0dUWtkUM50oSmWXJ5Tx6SEnOWSDrXBu4ny4xmQPOcRrrSMAds5/MvqW458qv8MsaPC7rCk9c66u0XyjUP7nuoNbpYidspVY23gdn7h3yUHtcQ==