
Signatures

Every API request needs a signature to ensure that your interactions are secure and that the responses you receive originate from Amazon.

For both generating and checking these signatures, Amazon Pay Later uses the Hash-based Message Authentication Code (HMAC) SHA-384 algorithm.

The HMAC SHA-384 algorithm is used together with Amazon's Signature v4 process to generate and validate signatures.

Here is a high-level overview of how to generate a signature:

  1. Create a canonical request following the standard format for APIs.

  2. Create a string to sign using the canonical request created in step 1.

  3. Derive a signing key using the secret key provided by Amazon.

    Note

    For access to available secret keys, see Amazon Pay Later Integration Details.

  4. Calculate the final signature using the signing key and the string to sign.
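
The four steps above, together with the checking side, as an added Python example; it is not code from Amazon or from this page. It assumes the publicly documented AWS Signature Version 4 layout with SHA-384 substituted for SHA-256. The algorithm label, the `AWS4` key prefix, the `aws4_request` terminator, the header names, host, path, region, service and secret are assumptions or constructed placeholders, so take the real values from the Amazon Pay Later integration details.

```python
import hashlib
import hmac

ALGORITHM = "AWS4-HMAC-SHA384"  # assumed label; confirm against the integration details

def _hmac384(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha384).digest()

def canonical_request(method, path, query, headers, payload: bytes) -> str:
    # Step 1: method, path, query, normalised headers, signed-header list, payload hash.
    items = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canon_headers = "".join(f"{k}:{v}\n" for k, v in items)
    signed = ";".join(k for k, _ in items)
    payload_hash = hashlib.sha384(payload).hexdigest()
    return "\n".join([method, path, query, canon_headers, signed, payload_hash])

def string_to_sign(canon: str, timestamp: str, scope: str) -> str:
    # Step 2: bind algorithm, timestamp and credential scope to the request hash.
    digest = hashlib.sha384(canon.encode("utf-8")).hexdigest()
    return "\n".join([ALGORITHM, timestamp, scope, digest])

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # Step 3: chained HMACs scope the long-term secret to one day, region and service.
    key = ("AWS4" + secret).encode("utf-8")  # "AWS4" prefix assumed from public SigV4
    for part in (date, region, service, "aws4_request"):
        key = _hmac384(key, part)
    return key

def sign(secret, method, path, query, headers, payload, timestamp, region, service) -> str:
    # Step 4: signature = hex(HMAC-SHA384(signing key, string to sign)).
    date = timestamp[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    sts = string_to_sign(canonical_request(method, path, query, headers, payload), timestamp, scope)
    return _hmac384(signing_key(secret, date, region, service), sts).hex()

def verify(received_hex: str, **request) -> bool:
    # Checking side: recompute, then compare in constant time to avoid a timing oracle.
    return hmac.compare_digest(sign(**request).encode(), received_hex.encode())

# Constructed sample request; every value below is a placeholder.
SAMPLE = dict(secret="EXAMPLE-SECRET", method="POST", path="/v1/example", query="",
              headers={"Host": "api.example.com", "X-Amz-Date": "20240101T000000Z"},
              payload=b'{"amount":"10.00"}', timestamp="20240101T000000Z",
              region="example-region", service="example-service")
```

Because the payload hash and the timestamp both feed the string to sign, a change to either one invalidates the signature, which is what lets the receiver detect tampering or a stale request.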