Authorization for the Qwindo API call is based on the HMAC approach. First you need to get your Qwindo API key and HASH ID from merchant panel of Qwindo. You can find it in the section of your sites register for Qwindo. You need to copy and save them on your side for further use to connect to Qwindo API.

For every call you are doing to the Qwindo API you need create a proper authorization to be allowed doing operations on the data.

Authorization sample code is:

function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
 
$hash_id = 'xxxxxxxxxxxx';
$qwindo_key = 'xxxxxxxxxxxx';
$url = 'Valid current api url call, add params if available';
$timestamp = microtime_float();
$data = 'Valid json string of data that you are passing to the Qwindo API';
 
//here we generate the auth token that will allow us to check the authorization for the call
$token = hash_hmac('sha512', $url.$timestamp.$data, $qwindo_key);
//generate the authorization base64 encoded string that includes the HASH ID, current call timestamp and generated token based on the url, timestamp and JSON data
$auth = base64_encode(sprintf('%s:%s:%s', $hash_id, $timestamp, $token);
 
//add the header to the call you want to do
header('Auth: '.$auth);

For more information about obtaining the authorisation keys, please go to Feed Setup.