Documentation Index
Fetch the complete documentation index at: https://docs.bringin.app/llms.txt
Use this file to discover all available pages before exploring further.
HMAC is required when you call POST /application/connect with a callback URL. It proves the request came from your server.
All HMAC-authenticated requests need:
| Header | Value |
|---|
api-key | Your master api-key |
Authorization | HMAC {timestamp}:{signature} |
Content-Type | application/json |
How to Calculate the Signature
Get the current UNIX timestamp
const time = Date.now().toString();
MD5-hash the request body
const contentHash = crypto.createHash('md5')
.update(JSON.stringify(body))
.digest('hex');
{} — this gives 99914b932bd37a50b983c5e7c90ae93b.Concatenate timestamp + method + path + body hash
const signatureRawData = time + 'POST' + '/api/v0/application/connect' + contentHash;
Create HMAC-SHA256 with your API secret
const signature = crypto.createHmac('sha256', apiSecret)
.update(signatureRawData)
.digest('hex');
Assemble the Authorization header
const authorization = 'HMAC ' + time + ':' + signature;
Complete Example (Node.js)
import crypto from 'crypto';
const apiSecret = ''; // Your API Secret
const time = Date.now().toString();
const method = 'POST';
const path = '/api/v0/application/connect';
const body = {
email: 'user@example.com',
callback: 'https://yourapp.com/webhooks',
ref: 'user-123',
};
// MD5 hash of the body
const contentHash = crypto
.createHash('md5')
.update(JSON.stringify(body))
.digest('hex');
// Signature input
const signatureRawData = time + method + path + contentHash;
// HMAC SHA256
const signature = crypto
.createHmac('sha256', apiSecret)
.update(signatureRawData)
.digest('hex');
// Final header
const authorization = 'HMAC ' + time + ':' + signature;
import hashlib, hmac, json, time
api_secret = '' # Your API Secret
timestamp = str(int(time.time() * 1000))
method = 'POST'
path = '/api/v0/application/connect'
body = {'email': 'user@example.com', 'callback': 'https://yourapp.com/webhooks'}
content_hash = hashlib.md5(json.dumps(body).encode()).hexdigest()
signature_input = timestamp + method + path + content_hash
signature = hmac.new(api_secret.encode(), signature_input.encode(), hashlib.sha256).hexdigest()
authorization = f'HMAC {timestamp}:{signature}'
Time Window
The timestamp must be within 600 seconds (10 minutes) of the server’s time. Requests outside this window are rejected.
