Authentication

All IIMMPACT API endpoints are authenticated using API Key + HMAC-SHA256 signatures. Each request must include four headers: your API key, a timestamp, a unique nonce, and the computed signature.

This includes the Catalog API endpoints (/v2/catalog, /v2/options).

JWT authentication is deprecated and should not be used for new integrations.

See the API Key Authentication guide for the full signing process, code examples, and troubleshooting.

WARNING

Your API keys and secrets carry many privileges. Keep them secure and never share them in publicly accessible areas such as GitHub, client-side code, or mobile apps.