RunSignUp Protected API

Protected API

Some API calls require a protected_api_signature parameters in the URL. These are protected APIs. To access these APIs, please contact us at to get and ID and signing secret.


These are used to generate the protected_api_signature in API requests. The signature should have the format <ID>.<UNIX Timestamp>.<Nonce>.<HMAC Hash>. The <UNIX Timestamp>portion must be within 5 minutes of the current time on the RunSignUp servers. The <Nonce> portion must be 8 random alphanumeric characters that are unique within a 15 minute interval. The <HMAC Hash> portion is the SHA1 hash (in hex) using the HMAC method of the string before this value (including the period just before). In PHP, this would be:

$id = …;
$secret = '…';
$nonce = …;
$sig = $id . '.' . time() . '.' . $nonce . '.';
$sig = $sig . hash_hmac('sha1', $sig, $secret);
echo $sig;

Signature Generator (For Testing Only)

From Our Blog:
Nov 24th, 2017
2017 Thanksgiving Registration Stats

We are very thankful for all of the race directors, timers, partners, and runners who used RunSignUp yesterday. We are also thankful that our self-serve technology worked so well (and that we didn’t have too many support calls!). At RunSignUp, we always want to share our data on the trends and drivers of registrations to … Continue reading "2017 Thanksgiving Registration Stats"

Nov 22nd, 2017
Charity Payments Bug

We discovered a small bug in our software that has affected races using Braintree Marketplace for payment, who also have Charities setup to get paid directly, where the Charity is paying the processing fee. This affected: 19 races out of the 29,000 races held since this bug was introduced 460 Transactions out of the 5,376,000 … Continue reading "Charity Payments Bug"