Construct a string-to-sign in the following format, where identifier is the value from the Identifier text box in the Credentials section of the Service Management API tab of System Settings, and expiry is the value of the Expiry text box in the Access Token section.
{identifier} + "\n" + {expiry}
Note
To access the settings described in this step, sign into the API Management publisher portal as described in the previous To manually create an access token section.
Generate a signature by applying an HMAC-SHA512 hash function to the string-to-sign using either the primary or secondary key.
Base64 encode the returned signature key.
Create an access token using the following format.
uid={identifier}&ex={expiry}&sn={Base64 encoded signature}
uid=53dd860e1b72ff0467030003&ex=2014-08-04T22:03:00.0000000Z&sn=ItH6scUyCazNKHULKA0Yv6T+Skk4bdVmLqcPPPdWoxl2n1+rVbhKlplFrqjkoUFRr0og4wjeDz4yfThC82OjfQ==
Use these values to create an Authorization header in every request to the API Management REST API, as shown in the following example.
Authorizaton: SharedAccessSignature uid=53dd860e1b72ff0467030003&ex=2014-08-04T22:03:00.0000000Z&sn=ItH6scUyCazNKHULKA0Yv6T+Skk4bdVmLqcPPPdWoxl2n1+rVbhKlplFrqjkoUFRr0og4wjeDz4yfThC82OjfQ==