Skip to main content

HTTP Authentication / Authorization

Because Mergent allows you to set the request headers, it’s easy to use standard or custom headers per request. Some common examples: Basic Authentication When creating a Task, set the request headers to include {"Authorization": "Basic ..."}. Bearer Authentication When creating a Task, set the request headers to include {"Authorization": "Bearer ..."}.

Validating Origin Signatures

Mergent signs all Task/Schedule HTTP requests with the X-Mergent-Signature header. This signature is an HMAC-SHA1 hash of the request body signed by your project’s API key. Mergent libraries have support for validating this signature built in. JavaScript: 
const validator = new RequestValidator("your project's API key");
validator.validateSignature("request body", "the value of X-Mergent-Signature");
Ruby: 
validator = Mergent::RequestValidator.new("your project's API key")
validator.valid_signature?("request body", "the value of X-Mergent-Signature")