Every request to the API needs to be authenticated using a signature in the HTTP headers. A good place to start when building out your request signing logic is the List Services API.
There is a clear example written in PHP here. See listServices.php.
API accounts will be given a key pair consisting of an Access Key ID (like ‘qzwBzqCiMsuHoUrZEcLq’) and a Secret Access Key (like ‘znkcyBjEWKQFIELAkotspHDoJbwHJyRPXChFYWDn’). These keys will be used to sign every request. Keys are tied to a merchant account.
The API requires that the client send the following headers. All required x-lod-* headers are used to compute authorization.
The best place to start when learning how to develop a valid request signature is the List Services API. In this case, the string to encrypt for the signature is: