# Signing requests

Once you have [obtained temporary credentials](https://api-docs.rightsline.com/authentication/requesting-temporary-credentials),  you will use them to compute the Authorization signature for all additional requests to the API. 

#### Sample temporary credentials

```javascript
{
    "accessKey": "***********",
    "secretKey": "***************************",
    "sessionToken": "FQoDYXd//////====ONCXz6OZC6FIxoWO1CGxVkwnY6WT07ZdLgGkr5ZkRCnGpa5uiF5KKbgMMWyQjKIazeyarBvXleDQmJznO4tBKq3U709cY20lVkdzHwAJQ5HXWHVop6w6cRy8uyOFPZ9fPD79PJ0L9KUkSo9uIG8DUK7PRvs4eAtIQQFdW+j2eHx6sUlF====34098qojfaof",
    "expiration": "2018-01-01T00:00:01+00:00"
}
```

Rightsline utilizes [Amazon’s API Gateway](https://aws.amazon.com/api-gateway/) and authenticates all calls by leveraging both [STS](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html) and [AWS Signature V4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).  Instructions for computing the AWS V4 signature can be found [here](https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html).

### Postman

&#x20;Although you can construct this request by following the instruction contained above from [Amazon’s documentation](https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html), Rightsline recommends you utilize the instructions at <https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html>, which will speed up the process quite a bit.&#x20;

Postman generates the HTTP Request in the required canonical format, including the code for signing a request in various languages:

![Postman code snippets for generating AWS V4 signature.](https://2092511861-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8zuJdsrsd_MeaESXRx-3778137224%2Fuploads%2Fi35Y1fwVYqhZYWksvwAo%2Fhttp.jpg?alt=media\&token=5fe2b6b8-a6c2-4104-b1a9-d8137a6daf24)

&#x20;For your implementation, you will need to generate your Signing Key programmatically (Postman is doing it for you in the background). Instruction for calculating the AWS4-HMAC-SHA256 signature can be found here: <https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html> There are also great examples of how to generate the signature in various programming languages located here: <https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html>

### HTTP request example

![](https://2092511861-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8zuJdsrsd_MeaESXRx-3778137224%2Fuploads%2FlyxYkqPYWgnFj0JiUMtX%2Fhttp2.JPG?alt=media\&token=1cec41ec-9a86-4149-9aec-73054676c55d)

1. HTTP Request Method (GET, POST, PUT, etc.) + Canonical URI + HTTP Protocol (HTTP/1.1)
2. Div API Key; unique to each Rightsline environment
3. Requested host URL, which will change depending on the API environment ris\[-staging, -int, -pm].rightsline.com
4. Date/Time of the request in Amazon’s required format YYYYMMDD’T’HHMMSS’Z’ (<https://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html>)
5. Authorization Header with calculated Signing Key. (<https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html>)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://api-docs.rightsline.com/authentication/signing-requests.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.