HTTP signatures

To increase the security of requests sent to the Upvest Investment API, all requests sent must be signed with a signature algorithm. We currently support the following signature algorithm versions.

Supported versions

All requests sent to the Investment API must be signed.

• The Investment API supports the following signature algorithms:

  • Version 6 as defined in the IETF draft for HTTP Message Signatures v6. This is the default algorithm that the Investment API uses.

  • Version 15 as defined in the IETF draft for HTTP Message Signatures v15.

Use our open source HTTP signature proxy to instantly add the HTTP signature functionality to any API testing tool of your choice.

• HTTP signature proxy v1.3.8 and older use V6 of algorithm
• HTTP signature proxy v1.3.9 and newer use V15 of algorithm.

Implementation guides

We have provided tutorials on how to implement each of these. There is also a guide describing how to upgrade from v6 to v15.

• 'Implementing HTTP signatures v6': Learn how to implement signatures v6.

• 'Implementing HTTP signatures v15': Learn how to implement signatures v15.

• 'Upgrade HTTP signatures from v6 to v15': Learn how to upgrade from v6 to v15.

Further concept materials

Technical concept materials can be found within the section of the documentation.

• v15 concepts
• v6 concepts