Q: Which headers should I fill?

A:
Content-type: application/json
Accept: application/json
Accept-encoding: gzip, deflate
Authorization: HMAC webApiId:webApiKey:unix_timestamp_in_ms:Base64HMACSignature

Q: How to perform HMAC authentication?

A:
Signature = unix_timestamp_in_ms + webApiId + webApiKey + req.getMethod() + req.getURI() + content;
Base64HMACSignature = Base64(HmacSHA256(Signature, webApiSecret));
Header = "Authorization: HMAC:webApiId:webApiKey:unix_timestamp_in_ms:Base64HMACSignature"

Example: Signature = "1509018187496b3a113e4-77d2-4118-941d-3168803612abRCsr8eCZsyR59emhGEThttps://localhost:8443/api/v1/account";

There is a sample JavaScript code:

                                 long timestamp = new Date(System.currentTimeMillis()).getTime();

                                 String signature = timestamp + _webApiId + _webApiKey + req.getMethod() + req.getURI() + _content;
                                 byte[] messageBytes = signature.getBytes(StandardCharsets.US_ASCII);
                                 byte[] hmacKeyByte = _webApiSecret.getBytes(StandardCharsets.US_ASCII);

                                 Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
                                 SecretKeySpec secret_key = new SecretKeySpec(hmacKeyByte, "HmacSHA256");
                                 sha256_HMAC.init(secret_key);
                                 byte[] mac_data = sha256_HMAC.doFinal(messageBytes);

                                 byte[] valueDecoded = Base64.encodeBase64(mac_data);
                                 String base64HMACStr = new String(valueDecoded);
                                 req.setHeader(HttpHeaders.AUTHORIZATION, String.format("%1$s %2$s:%3$s:%4$s:%5$s", "HMAC ", _webApiId, _webApiKey, timestamp, base64HMACStr));
                                 

Q: How to download content using Curl, Wget, PowerShell?

A: All responses of the Web API is compressed using gzip stream. You have to add "Accept: application/json" and "Accept-encoding: gzip, deflate" headers to your request and use gunzip tool to decompress the stream.

Unix curl:

                                 curl -v -H "Content-type: application/json" -H "Accept: application/json" -H "Accept-encoding: gzip, deflate" apimethod | gunzip -
                                 

Unix wget:

                                 wget -S -q --header "Content-type: application/json" --header "Accept: application/json" --header "Accept-encoding: gzip, deflate" -O - apimethod | gunzip -
                                 

Windows PowerShell:

                                 $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
                                 $headers.Add("Content-type","application/json")
                                 $headers.Add("Accept","application/json")
                                 $headers.Add("Accept-Encoding","gzip")
                                 Invoke-RestMethod -Method Get 'apimethod' -Headers $headers