
✍️ Learn how to sign requests

Signature hash protocol

In order to authenticate a partner, some Withings APIs use a hash value as a signature. The signature consists of the following parameters:

  • action
  • client_id
  • nonce

To generate a signature please follow these steps:

  • Generate a valid nonce using the service Signature v2 - Getnonce
  • Sort the values alphabetically by key name: action -> client_id -> nonce
  • Generate a string by concatenating values separated by a comma. The string should look like this: value1,value2,value3.
  • Apply an HMAC hashing function on the string using the algorithm sha256 and your partner's client_secret (available in your Withings partner dashboard) as a secret key.
  • Add the hash string in the parameters under the signature key.


Example of signature generation in PHP language:

$client_secret = 'My Partner Registration Client Secret';
$client_id = 'My Partner Registration Client Id';
$nonce = 'The nonce I retrieved using service: Signature v2 - Getnonce';

// Parameters covered by the signature
$signed_params = array(
    'action' => 'activate',
    'client_id' => $client_id,
    'nonce' => $nonce,
);
// Sort by key name (action -> client_id -> nonce), then join the values with commas
ksort($signed_params);
$data = implode(",", $signed_params);
$signature = hash_hmac('sha256', $data, $client_secret);

$call_post_params = array(
    // Set the generated signature
    'signature' => $signature,

    // Set the signed parameters as clear text in the call post parameters
    'action' => 'activate',
    'client_id' => $client_id,
    'nonce' => $nonce,

    // Set other parameters requested to call the service (here we are calling "User v2 - Activate")
    'redirect_uri' => '',
    'birthdate' => 1563746400,
    // [...]
);

// Then call the service by using the $call_post_params array as post parameters
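
The same steps in Python, as an added example that is not Withings code, with a local check that shows which parameters the hash actually covers. The secret, client id and nonce are constructed placeholders, and `verify` is a hypothetical local helper, not Withings' server logic.

```python
import hashlib
import hmac

# The three signed parameters named on this page; sorted() gives the required key order.
SIGNED_KEYS = sorted(("nonce", "client_id", "action"))

def sign(params: dict, client_secret: str) -> str:
    """Join the signed values in key order with commas, then HMAC-SHA256 (hex)."""
    missing = [k for k in SIGNED_KEYS if k not in params]
    if missing:
        raise ValueError(f"missing signed parameter(s): {missing}")
    data = ",".join(str(params[k]) for k in SIGNED_KEYS)
    return hmac.new(client_secret.encode(), data.encode(), hashlib.sha256).hexdigest()

def build_post_params(params: dict, client_secret: str) -> dict:
    """Copy the call parameters and add the hash under the 'signature' key."""
    return {**params, "signature": sign(params, client_secret)}

def verify(post_params: dict, client_secret: str) -> bool:
    """Hypothetical local check: recompute the hash and compare in constant time."""
    try:
        expected = sign(post_params, client_secret)
    except ValueError:
        return False
    received = str(post_params.get("signature", ""))
    return hmac.compare_digest(expected.encode(), received.encode())

if __name__ == "__main__":
    secret = "constructed-client-secret"   # placeholder, not a real secret
    call = {
        "nonce": "constructed-nonce",      # in practice, from Signature v2 - Getnonce
        "action": "activate",
        "client_id": "constructed-client-id",
        "birthdate": 1563746400,           # sent with the call but not signed
    }
    signed = build_post_params(call, secret)
    print(verify(signed, secret))                         # intact request
    print(verify({**signed, "action": "other"}, secret))  # signed field changed
    print(verify({**signed, "birthdate": 0}, secret))     # unsigned field changed
```

The last case still verifies: the hash covers only action, client_id and nonce, so it does not protect the integrity of other parameters such as redirect_uri or birthdate.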
