Last updated: December 12, 2025
Brevix API Documentation
Authentication
Public API documentation for Brevix.
Authenticating requests
The Brevix API uses OAuth 2.0 and HMAC for secure API access. This flow enables your application to act on behalf of users:
- Register Your App — In Brevix’s API Settings, register a new application to receive apikey, client_id and client_secret.
- To authenticate requests, include a
X-SIGNATURE,X-API-KEYandX-TIMESTAMPheader with the value"{YOUR_CLIENT_KEY}". - To get your HMAC auth, follow these steps : -
- You can retrieve your token by visiting your dashboard and clicking Generate API token.
- HMAC (signature) authentication
To sign requests using HMAC, follow these steps:-
Algorithm: HMAC-SHA256 Secret: your API secret (keep this private) String to sign: HTTP method + "\n" + request path + "\n" + timestamp + "\n" + body hash (or empty for no body) Headers: include Authorization: HMAC {API_KEY}:{SIGNATURE} and X-Timestamp: {TIMESTAMP}curl -H "Authorization: HMAC {API_KEY}:{SIGNATURE}" \ -H "X-Timestamp: {TIMESTAMP}" \ -H "Content-Type: application/json" \ -d `{"foo":"bar"}` \ https://api.brevix.ly/v1/resource$method = strtoupper($method); $path = "/v1/resource"; $timestamp = time(); $bodyHash = $body ? hash("sha256", $body) : ""; $stringToSign = $method . `\n` . $path . `\n` . $timestamp . `\n` . $bodyHash; $signature = hash_hmac("sha256", $stringToSign, $secret); $authHeader = "Authorization: HMAC {$apiKey}:{$signature}";import time import hmac import hashlib method = method.upper() path = "/v1/resource" timestamp = str(int(time.time())) body_hash = hashlib.sha256(body.encode()).hexdigest() if body else "" string_to_sign = method + "\n" + path + "\n" + timestamp + "\n" + body_hash signature = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest() auth_header = "Authorization: HMAC {api_key}:{signature}"const crypto = require("crypto"); const method = method.toUpperCase(); const path = "/v1/resource"; const timestamp = Math.floor(Date.now() / 1000).toString(); const bodyHash = body ? crypto.createHash("sha256").update(body).digest("hex") : ""; const stringToSign = `${method}\n${path}\n${timestamp}\n${bodyHash}`; const signature = crypto.createHmac("sha256", secret).update(stringToSign).digest("hex"); const authHeader = `Authorization: HMAC ${apiKey}:${signature}`;