Authentication

How to authenticate requests to the Boca Raton Partner API.

Every request must include three headers:

Header	Purpose
`X-Api-Key`	Partner API key issued during onboarding
`X-Request-Timestamp`	RFC 3339 timestamp used in the signing payload
`X-Request-Signature`	HMAC-SHA256 signature over the canonical request string

Requests where X-Request-Timestamp differs from the server clock by more than 1 minute (60 seconds) are rejected. Partners should ensure their systems are synchronized via NTP.

Boca Raton Partner API

Partner backend API surface for hosted wallet integrations.

Request Signing

How to compute the HMAC-SHA256 request signature.