Many operations require a signature of the request. This signature is the SHA-1 hash of the arguments sorted by key, preceded by a private key.
The private key to use depends on the component being called. If the component requires an authkey, then the private key to use is the one associated to that authkey. In other cases, you must use the private key associated to your shared key.
Signature is encoded as a string of hexadecimal digits (0-9a-f), two digits per byte.
For example, for the following request:
http://api.safecreative.org/v2/ ?ztime=20081106141840 &sharedkey=fDsm8YO9SaupC5TChOsB6w &component=authkey.create
You must get the key/value pairs (values should not be URL-encoded):
ztime=20081106141840 sharedkey=fDsm8YO9SaupC5TChOsB6w component=authkey.create
Sort this list by key:
component=authkey.create sharedkey=fDsm8YO9SaupC5TChOsB6w ztime=20081106141840
Build a data stream with the private key (in this case, the one associated to your shared key) followed by the sorted pairs, all separated by ampersand (&):
Calculate de SHA1 of the previous UTF-8 data stream:
Finally, you must append the SHA1 to the request as the signature parameter:
http://api.safecreative.org/0.2 ?ztime=20081106141840 &sharedkey=fDsm8YO9SaupC5TChOsB6w &component=authkey.create &signature=4a285c1501646b41896a065add2311ffcde889ce
If you have trouble signing your requests (getting InvalidSignature errors), you can try the signature.analysis debug component.