Authentication
The ActionStreamer API supports two authentication contexts:
- HMAC-SHA256 key/secret signing for headless devices and direct service integrations
- Session-token authentication for web portal workflows
Use this guide for the shared HMAC signing pattern used by device and service integrations. Refer to each endpoint page for any operation-specific authentication requirements.
Base URL
https://api.actionstreamer.com/https://api.actionstreamer.com/v1/
Credentials
Create an API key pair in the portal:
- Sign in to
https://portal.actionstreamer.com/login. - Open
Settings > API Keys. - Create a new access key and secret key.
Required Headers
Signed requests use these headers:
X-Nonce: UUIDv4 generated per requestX-Timestamp: Unix epoch secondsAuthorization:HMAC-SHA256 {access_key}X-AccessKey:{access_key}X-Signature:{signature}Content-Type:application/json
Signature Algorithm
- Remove
Content-Typefrom the headers before computing the signature. - Sort header keys and render them as
key: valuelines. - Sort query or form parameters and render them the same way.
- Normalize the request path so it starts with
/and does not end with/unless the path is/. - Build the string to sign in this order:
METHOD
PATH
HEADER_STRING
PARAMETER_STRING
BODY
- Compute
HMAC-SHA256(secret_key, string_to_sign)and send the hex digest asX-Signature.
Reference Python Example
def get_hmac_signature(secret_key: str, method: str, path: str, headers, parameters: dict, body: str = None) -> str:
if "Content-Type" in headers:
del headers["Content-Type"]
header_string = dictionary_to_string(headers)
parameter_string = dictionary_to_string(parameters)
if not path.startswith("/"):
path = "/" + path
if path.endswith("/") and len(path) > 1:
path = path[:-1]
string_to_sign = "\n".join([method, path, header_string, parameter_string, body if body else ""]).strip()
return hmac.new(secret_key.encode("utf-8"), string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()