Generating the Signature for the TBA Authorization Flow

This section contains details about generating the signature required for both Step One and Step Three of the TBA authorization flow.

The following example is showing the way the signature should be constructed. The final result depends on the language you use for generating the signature.

          signature = HMAC-SHA256(key, text) 



The result digest octet string is used as the resulting oauth_signature parameter after:


The end of support for the HMAC-SHA1 signature method targeted for 2021.2 has been postponed. However, the algorithm used by the HMAC-SHA1 signature method is no longer considered secure. You should update your integrations to use the HMAC-SHA256 signature method as soon as possible.

For more information, see the following topics

Related Topics

The Three-Step TBA Authorization Flow
Step One Obtain An Unauthorized Request Token
Step Two Authorize the Request Token
Step Three Exchange the Request Token for an Access Token
Specifications for Signature Construction for the TBA Authorization Flow

General Notices