You might notice that every 1WorldSync API uses an HMAC to implement the security handshake. This includes Inbound API, DAM API, Content1 API, Read API, , Content1 API 2.0, and Read API 2.0.

This may present some confusion as there is only 1 version of the HMAC documentation showing how the HMAC is implemented in practice with examples and this is for the Content1 API. If you are using one of the other APIs, use the HMAC documentation you find for Content1 and modify the endpoints as appropriate.

Each API also has a Postman example which shows the implementation of HMAC in JavaScript for each individual API.

Finally here is an article showing a specific HMAC implementation in Python breaking the process down step by step.

https://medium.com/analytics-vidhya/1worldsyncs-api-hmac-authentication-a-python-sample-31c446b945ca