Creating a timestamp for an API call

jonathan10 · 2025-02-18T11:20:16.851Z

I’m working on integrating an API that requires HMAC-SHA256 signature authentication, along with a timestamp (in GMT), in the request headers. This is a common pattern I’ve seen with some booking and marketplace APIs.

How do you dynamically generate timestamps in GMT (RFC 1123) format in Bubble?
Best approach to build the “string-to-sign” and HMAC-SHA256 signature (in workflows vs. API Connector)?
Any tips on setting up HMAC-SHA256 with timestamps for APIs like this?

Would really appreciate any guidance or examples if someone has tackled this before.

Thanks in advance!

Jici · 2025-02-18T15:43:35.022Z

When I need this type of auth, most of the time I do this:
Create a plugin for the call auth that handle all request type. This plugin will have field for body and request type (GET, POST…).

In the plugin (that need to be a server side plugin), you will generate the signature and the timestamp. In most case, I will return 3 things: timestamp, signature and Body. I use that after to API using API Connector so I can use Bubble feature to parse the response.

jonathan10 · 2025-02-19T11:21:16.468Z

Thanks @Jici Ill have to go down that route then and create the plugin. first time, lets see what happens.