Comment on page



HMAC-based authentication is the way you authenticate to LYNX's API. To be able to use HMAC-based authentication, you will need an api-keythat needs to remain secret and known only to you and LYNX.
When making an API call to LYNX's Recommendation API you need to add the following parameters to every call:
Parameter Name
Current UTC unix timestamp (seconds).
Hash signature computed from your request URI path without protocol, host and query string.

How to sign a request

Let's see how to compute the signature for making valid recommendation API requests. For example if your api-key is api-key123456 and you want to make a call to the following URI:
First you need to take the URI's path without the protocol, host and query string, as shown below:
Then you must append the utc_timestamp (UTC UNIX timestamp).
Next you take the string above and generate a hash signature using the HMAC-SHA256 algorithm and the api-key which produces the following hash code (signature).
Finally you append then utc_timestamp and the signature parameters to the API call as shown below.

Client-side implementation examples

Here are some examples of how to build a proper recommendation API request, implemented in some popular programming languages.


A C# example using .NET Framework 4.6 (or higher) or .NET Core 2.0 (or higher).
string apikey = "api-key123456";
string uriToCall = ""
string uriToHash = "/api/v1/recommender/1234567890/items/445/bought/together";
long utc_timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
uriToHash = uriToHash + "?utc_timestamp=" + Convert.ToString(utc_timestamp);
HMACSHA256 hmac = new HMACSHA256(apiKey);
byte[] hashedText = hmac.ComputeHash(Encoding.ASCII.GetBytes(textToHash));
string signature = Convert.ToString(hashedText);
uriToCall = uriToCall + "&utc_timestamp=" + utc_timestamp + "&signature=" + signature;