When you generate your API key pair, you will see your Access Key and Secret Key. Using these keys, you need to generate an Authorization header so that we can understand who is making this request and perform authorization controls for that user for the relevant operation.

The generated "Authorization" header should be generated using the below format:

"StatusEntry ${Access_Key}:${Signed_Key}"

You know your access "Access_Key " after you generate the key pair.

Here is how you should generate your "Signed_Key" using your access and secret keys:

You need to generate a signed JWT token using your secret key to produce "Signed_Key" by setting the below fields:

{
  "iss": "${access_key}",
  "exp": 1641170086,
  "aud": "www.statusentry.com"
}

An example java code using this jwt library is as follows:

String accessKey = "AK123";
String secretKey = "SK456";
String relativeRequestUrl = "/v1/incidents";
String signedKey = Jwts.builder()
                .setIssuer(accessKey)
                .setIssuedAt(Date.from(Instant.now()))
                .setExpiration(Date.from(Instant.now().plus(1, ChronoUnit.DAYS)))
                .setAudience("www.statusentry.com")
                .signWith(SignatureAlgorithm.HS256, secretKey.getBytes(StandardCharsets.UTF_8))
                .compact();

An example generated Authorization header is as follows:

StatusEntry AK5147f230-f237-461e-86b2-23b834c3a697:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJBSzUxNDdmMjMwLWYyMzctNDYxZS04NmIyLTIzYjgzNGMzYTY5NyIsImlhdCI6MTYwOTYzMDk5NCwiZXhwIjoxNjQxMTcwMDg2LCJhdWQiOiJ3d3cuc3RhdHVzZW50cnkuY29tIiwic3ViIjoiL3YxL2luY2lkZW50cy81OTk2Nzc2ZC0yMWQxLTRkNzItOTJiZS03NTE3YTM1NWNhOTYifQ.MYK8VWWmV_pWikL1IB6V6W7KHkpEEYnQ5MikTcskwPg

You can find popular JWT libraries to use for your development language here.