Making requests to the API
Most API requests need to be encoded with application/x-www-form-urlencoded and sent as HTTP GET or POST requests to the appropriate API endpoint. When uploading files multipart/form-data encoding is also supported. A total of three HTTP header fields are needed:

Apiauth-Key HMAC authentication key that you got when you created your HMAC authentication from the Apps dashboard.
Apiauth-Nonce A unique number given with each API request. It's value needs to be greater with each API request.
Apiauth-Signature Your API request signed with your HMAC secret that you got when you create your HMAC authentication from the Apps dashboard.


Apiauth-Nonce
Each request also requires a nonce. A nonce is an integer number, that needs to increase with every API request. It's value has to always be greater than the previous request. It is used to ensure identical API requests have different signatures, making impossible for someone to copy your API requests and re-execute them later on.

A good trick to creating the nonce is to use the unix timestamp in milliseconds. This way you'll always get an incrementing number, just be careful to not send two API calls at the same time or they will have the same Nonce.

Most API requests need to be encoded as application/x-www-form-urlencoded, when uploading files multipart/form-data encoding is also supported. With most programming languages you can urlencode your API requests using standard functions.

With Python you can use urllib.urlencode. Example: urllib.urlencode({"foo":"bar", "baz": "quux"} which results in ?foo=bar&baz=quux.

Apiauth-Signature
The Apiauth-Signature is made by creating a string containing the following arguments and then hashing them with your HMAC authentication secret using SHA256.

The Nonce. A 63 bit positive integer, for example unix timestamp as milliseconds.
HMAC authentication key.
API endpoint, for example, /api/wallet/.
API arguments encoded as application/x-www-form-urlencoded. Files encoded as multipart/form-data.