Hash-Based Message Authentication Code (HMAC)

BitGo access tokens (V2 and later) uses hash-based message authentication code (HMAC) to validate communication between your app and BitGo. HMAC is a hashing function that prevents man-in-the-middle attacks by mathematically checking for tampered requests. The BitGo JavaScript SDK automatically generates HMAC values on all your outgoing communications to BitGo, passing details such as:

  • Access token
  • Body parameters
  • Current time
  • URL and method

After receiving a request with an HMAC header, BitGo runs a similar hashing function that confirms that all the data is tamper free.

See Also

Create Access Tokens