# Authentication

To be able to **generate sign in requests** and **transaction requests** your dApp must use the API keys provided in **CKBull Developer Console** after registering it.

{% hint style="warning" %}
**CKBull Signer API** is meant to be called from a **server**. Don't make calls from your dApp frontend; **always use your own dApp backend**.
{% endhint %}

You will need:

* **API Key.**
* **API Secret.**

CKBull Signer API uses the **HMAC-SHA512 algorithm** to validate the dApp in every call to generate sign in and transaction requests. The following **HTTP headers** need to be passed to authenticate the dApp:

* **x-timestamp:** A timestamp generated when making the call.
* **x-api-key:** The dApp API key provided in CKBull Developer Console.
* **x-signature:** The signature hash obtained using the **timestamp** and **your** **dApp API secret.**

Here you can find the code to generate the required headers.

{% tabs %}
{% tab title="Javascript" %}

```javascript
const crypto = require('crypto');

const apiSecret = "your-api-secret";
const timestamp = Math.floor(Date.now() / 1000);

const hmac = crypto.createHmac('sha512', apiSecret);
hmac.update(timestamp.toString());

const timestampHeader = timestamp;
const signatureHeader = hmac.digest('base64');
const apiKeyHeader = "your-api-key";
```

{% endtab %}

{% tab title="Python" %}

```python
import hashlib
import os
import base64
import time

apiSecret = 'your-api-secret';
timestamp = str(int(time.time()))

hmac = hashlib.sha512(random_string.encode('utf-8'))
hmac.update(timestamp.encode('utf-8'))
hash = hmac.digest()
hash_b64 = base64.b64encode(hash).decode('utf-8')

timestamp_header = timestamp
signature_header = hash_b64
api_key_header = 'your-api-key';

```

{% endtab %}
{% endtabs %}