SparkGlim LogoSparkGlim

Authentication

Exact request signing contract for the SparkGlim white-label tenant API.

OverviewGetting StartedAuthenticationAPI ReferenceCoverageIntegrations

Required Headers

Send these on every white-label tenant API request.

x-white-label-key-id

Issued tenant key identifier.

x-white-label-timestamp

Unix epoch in milliseconds.

x-white-label-signature

HMAC-SHA256 signature over the canonical request string.

Signature Rules

  • Required headers: `x-white-label-key-id`, `x-white-label-timestamp`, `x-white-label-signature`.
  • The signature is HMAC-SHA256 over `${timestamp}.${METHOD}.${path}.${body}`.
  • For `GET` and `HEAD`, the body portion must be exactly `{}`.
  • Tenant keys are scoped. Missing scope returns `403`.
  • Timestamp tolerance defaults to 300 seconds unless the account security setting overrides it.
  • The white-label API uses backend in-memory rate limiting and does not depend on Redis.

Node.js Example

import crypto from 'crypto'

const timestamp = Date.now().toString()
const method = 'POST'
const path = '/api/white-label/v1/campaigns'
const body = JSON.stringify({
  title: 'Acme Awards 2026',
  description: 'Annual awards voting campaign.',
  campaign_type: 'voting',
  start_date: '2026-05-01T00:00:00.000Z',
  end_date: '2026-06-01T00:00:00.000Z'
})

const canonical = `${timestamp}.${method}.${path}.${body}`
const signature = crypto.createHmac('sha256', WHITE_LABEL_SECRET).update(canonical).digest('hex')

await fetch(BASE_URL + path, {
  method,
  headers: {
    'content-type': 'application/json',
    'x-white-label-key-id': WHITE_LABEL_KEY_ID,
    'x-white-label-timestamp': timestamp,
    'x-white-label-signature': signature
  },
  body
})