Message signing now mandatory for API requests

What’s changed?

Message signing is now required for all API requests in our live environment. Any unsigned requests will fail.

Is message signing mandatory in the sandbox?

Message signing is optional in the sandbox. You can control it through the ‘Validate all requests toggle’ in Settings > Message Signatures.

• Toggle on: all requests must be signed. This mimics our live environment.

• Toggle off: both signed and unsigned requests are accepted, and signed requests are still validated.

Why have we done it?

Message signing strengthens our platform security by verifying the authenticity of all API requests and preventing request tampering during transmission.

How will this affect existing integrations?

All API requests to the live environment must now include valid signatures.

If you haven’t implemented message signing yet, see our message signature guide for setup instructions. You should also test your implementation by using our dedicated test endpoint.

Thanks for reading!

Ready to explore? Sign up for our sandbox to start testing.

Need help? Chat with us in-app or email product@griffin.com.

Stay connected:

 Read our docs

 Join our Slack community

Try our Postman collection

 Follow us on LinkedIn