If we have ‘Check Nonce’ disabled against the API key, how does the script change to generate the authorization header?
So the nonce is declared and prepended to the API key for generating the SHA256 HMAC:
$signature = strtoupper(hash_hmac('sha256', $nonce . $api_key, $api_secret));
And then it is added to the array to generate the HTTP query:
$auth_data = array(
'key' => $api_key,
'signature' => $signature,
'nonce' => $nonce++
);
The reason I am not using the nonce is because I am attempting to manually generate the authorization header using openssl and not within a script upon the call.
How does this change if we are not checking the nonce?