API provider: include a signature based on these fields in this order. DO NOT ENCODE IT!

Implementation works a while, then..

*a wild apostrophe appears*

Signature no longer works.

API Provider: "oh, yeah we escape those."


Not only is it a poor design for signing payloads, the documentation is shockingly poor in it.
Even the implementation example (which is supposedly from their code) doesn't account for any type of escaping or encoding.

Before anyone asks, I can't into details about the implementation.

  • 0
    Oh, and they also have us test against the production environment, so we don't do they usual amount of behaviour tests against them.
  • 1
    As an API writer, I want to not cause these issues for my users. Do you have examples of good documentation for APIs?
  • 0
    @bkwilliams, off the top of my head, no, sorry.

    Might be worth looking at how some of the larger companies do them though. Perhaps the github api.
Add Comment