# Signature Description **About the sign** * `ach-access-sign` request header: * It is the HMAC SHA256 encrypted result of `timestamp + method + requestPath + body` using the SecretKey, encoded in Base-64. * The parameters in `requestPath` follow the same rules as the body. The values inside a list are sorted in the following order: integer, float/double, string. Within each type, the values are sorted alphabetically. For lists and objects, they are sorted based on their position in the array. Nested structures such as objects and lists are recursively sorted following the same rules. Null and empty values are excluded from the sorting process (empty lists `[]`, empty dictionaries `{}`). **Signature String Example** * Example: {{“x”: 1, “y”: 2}, 1, 3, 2, -4, 1.1, “xxxxx”, “yyyy”, “jscx”, 0, “sss”,{“z”:2,”x”:1,”a”:””}} * Sorted: {-4,0,1,2,3,1.1,”jscx”,”sss”,”xxxxx”,”yyy”,{“x”: 1, “y”: 2},{“x”: 1, “z”: 2}} **Important Notes** * It should be noted that the sorting of data in lists during transmission should ideally not have any relevance to the transmitted content. If there are parameters in both the Path and body, each should be sorted separately, and then combined in the order of concatenation (`timestamp + method + requestPath + body`) for signature. Example: timestamp = 1538054050234, GET request, path=/api/v1/crypto/order?order\_no=sdf23\&token=ETH, Body is empty. The signature content would be "1538054050234" + "GET" + "/api/v1/crypto/order?order\_no=sdf23\&token=ETH" * The value of `timestamp` is the same as the `ach-access-timestamp` request header, following the ISO format. It represents Unix time in milliseconds as a thirteen-digit timestamp. Example: 1538054050231 `method` is the request method, with all letters capitalized. Example: GET/POST `requestPath` is the path of the requested API, case-sensitive. If the URL ends with a `/`, it should still be included. Example: /api/v1/crypto/order * `body` refers to the string representation of the request body. If there is no request body (typically for GET requests), the body can be omitted. The order within the body is also based on dictionary sorting. Empty values are not included in the signature. Any parameters that are empty will be filtered out and not included in the signature. Example: '1538054051230' + 'GET' + '/api/v1/crypto/token/price' + body `secretKey` and `apiKey` are case-sensitive. HMAC SHA256 is used to sign the hash string using the secret key. The signature is encoded in Base64 format. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://prepaidify.gitbook.io/docs/kyc-sharing-api/signature-description.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.