Hello, thank you for the answer.
See below what say the documentation about the authentication:
Example of request authentication:
apikey=c3KJ7M5jw8SKSrq3QnKA8D7DHZCpwSlx&nonce=1455036025843&apisignature=9a6729684c40a7c66892782cc3b0426833e699a1b77e1a5b44d63d82ba83667
Where parameters are:
apikey - Your key generated in your account
nonce - current unix timestamp
apisignature - signature (digest) of the request params passed through HMAC-SHA256
To generate the apisignature, you have to pass the request payload (i.e. apikey, nonce + request parameters) through hash method using the secret key provided from the UI
And below an example in Javascript:
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/hmac-sha256.js"></script>
<script>
var xhr = new XMLHttpRequest(),
secret = 'aefij3ldaase_ase23fdAdwjnA2123fFa',
body = 'apikey=' + 'dgsdrij234fsdfgkhr' + '&nonce=' + Date.now();
var signature = CryptoJS.HmacSHA256(body, secret);
xhr.open('POST', 'https://www.account.com/api/offer/list');
xhr.setRequestHeader('Content-Type', 'text/plain');
xhr.setRequestHeader('Accept', 'application/json');
xhr.send(body + '&apisignature=' + signature);
</script>
I already tried something that not require authentication and it worked but no result when is required the authentication.