When you encounter a 401 Unauthorized error while requesting the Open API, it is usually because the HMAC signature was generated incorrectly.
Since this type of issue is typically related to the seller's local code logic and the platform does not retain logs for encryption failures, our support team cannot easily reproduce or troubleshoot the issue on our end. To resolve the issue quickly, please follow these 3 steps:
1)Verify your keys: Log in to the Wing back-office and check that the Access Key and Secret Key are correct.
2)Check the server time: The server time is used when generating the HMAC signature. If the time is inaccurate, or if you do not generate a new signature for each request, authentication will fail.
3)Check your code logic: If the keys and time are correct, it is likely an error in the parameter encryption or URL path concatenation. Please make sure to distinguish the encryption rules for different request methods (GET, POST, DELETE, etc.).
HMAC Signature Generation: View Document
Java Code Example: View Example
Node.js Code Example: View Example
PHP Code Example: View Example
Python Code Example: View Example
C# Code Example: View Example
ASP Code Example: View Example
Special Note for .NET Users:
If you are using .NET, please check whether the default WebRequest / WebClient automatically decodes the ~ character in the URL, as this can invalidate the signature.