The app's request-signing secret (apisign_…). Server-side only.
HTTP method (e.g. "GET", "POST").
Request path INCLUDING query string, exactly as it will be sent.
Raw request body string; pass "" for requests without a body.
The SignatureHeaders to merge into the outgoing request headers.
Compute the signature headers for one request. The SDK calls this automatically for every request when a
signingSecretis configured — call it directly only if you are building your own transport.A fresh timestamp and nonce are generated on each call, so signatures are single-use.