Signing Policies

To sign a policy, first create a policy as described above and find your secret in the security section of the developer portal. Then use HMAC-SHA256 to sign the policy.


We are trying to access which is secured.

  1. Gather Information

    The policy that we want to apply:


    Our secret, from the developer portal:

  2. Calculate the HMAC-SHA256 and Base64 Encoded Policy

    There are common libraries for calculating HMAC-SHA256 in a variety of languages. It is advisable to use a well-tested and vetted library rather than writing your own. If you would prefer to use a simple hash like MD5 or SHA1, or other variants of HMAC instead, let us know and we can look into setting that up for you.

    The signature is a hex-encoded string with lowercase letters.

Example Python Code for Policy and Signature Generation:

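# Python Example (Python 3)
import hmac
import hashlib
import time
import base64
# import json

# Placeholder: replace with your secret from the developer portal
secret = b'YOUR_APP_SECRET'

json_policy = '{"handle":"KW9EJhYtS6y48Whm2S6D","expiry":1508141504}'
# The policy is the URL-safe Base64 encoding of the JSON string
policy = base64.urlsafe_b64encode(json_policy.encode('utf-8'))
print(policy.decode('ascii'))

# or
# handle = 'KW9EJhYtS6y48Whm2S6D'
# expiry = str(int(time.time() + 60*60))
# json_policy = '{"handle":"%s","expiry":%s}' % (handle, expiry)
# policy = base64.urlsafe_b64encode(json_policy.encode('utf-8'))

# The signature is the lowercase hex HMAC-SHA256 of the Base64 policy
print(hmac.new(secret, policy, hashlib.sha256).hexdigest())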
Resulting Policy:
Resulting Signature:
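
The receiving side of the scheme above, as an added example (not code from the original page or from the vendor): a verifier that recomputes the HMAC-SHA256 over the Base64 policy, compares it in constant time, and only then decodes the policy and checks expiry and handle. The function names, the constructed secret, the treatment of expiry as a Unix timestamp in seconds, and the rule that the policy must name the requested handle are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time


def sign_policy(secret: bytes, claims: dict) -> tuple:
    """Return (base64url policy, lowercase hex HMAC-SHA256 signature)."""
    raw = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    policy = base64.urlsafe_b64encode(raw)
    signature = hmac.new(secret, policy, hashlib.sha256).hexdigest()
    return policy.decode("ascii"), signature


def verify_policy(secret: bytes, policy: str, signature: str,
                  handle: str, now: float = None) -> bool:
    """Accept a request only if signature, expiry and handle all check out."""
    expected = hmac.new(secret, policy.encode("utf-8"), hashlib.sha256).hexdigest()
    # Compare in constant time so response timing does not leak the signature.
    if not hmac.compare_digest(expected.encode("ascii"), signature.encode("utf-8")):
        return False
    # Parse the policy only after it has been authenticated.
    try:
        claims = json.loads(base64.urlsafe_b64decode(policy))
    except (binascii.Error, ValueError):
        return False
    if not isinstance(claims, dict):
        return False
    expiry = claims.get("expiry")
    if not isinstance(expiry, int) or expiry <= (time.time() if now is None else now):
        return False  # missing, malformed or expired
    # Assumption of this example: the policy must be bound to the requested handle.
    return claims.get("handle") == handle


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed value, not a real secret
    handle = "KW9EJhYtS6y48Whm2S6D"         # handle from the page's example
    policy, sig = sign_policy(secret, {"handle": handle,
                                       "expiry": int(time.time()) + 3600})
    print(verify_policy(secret, policy, sig, handle))             # valid request
    print(verify_policy(secret, policy, sig, "OtherHandle0000"))  # wrong handle
    print(verify_policy(secret, policy, "0" * 64, handle))        # forged signature
```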