At Algbra, we prioritize security, and therefore, accessing our API via HTTPS is mandatory in all environments. Additionally, production access to our API is restricted to IP addresses that are white-listed. We will manage the white-listing process for you during onboarding.

To ensure that only authorized users can access the API, we require you to prove your identity before granting access. We use HMAC authentication on all environments, which involves calculating a signature based on certain message contents and including it in the Authorization header of your requests. We'll provide you a unique keyid (token) and a secret value, you will then calculate HMAC signature per request.

Please note that our platform would assume operations approved from your organisation for all the requests signed by keys and secrets. The sandbox environment keys may have time limits, typically for a month for experimental purposes. If you require an extension, please contact us.