- Ensure that the values of API key, API secret, token, timestamp, nonce and data used in calculating HMAC match the corresponding values used in the HTTP headers.
- Ensure that the correct hashing algorithm is used.
- Ensure that the API key, API secret and merchant token are correctly entered without leading or trailing spaces.
- Ensure that the timestamp in the HTTP headers is in milliseconds and represents epoch time calculated from UTC time.
- Ensure that the timestamp in the HTTP header is within 5 minutes of our server time. This depends on your server time.
Sample code for generating HMAC is available in the "Docs and Sandbox" page and in Direct API repositories