RunSignUp Protected API

Protected API

Some API calls require a protected_api_signature parameters in the URL. These are protected APIs. To access these APIs, please contact us at to get and ID and signing secret.


These are used to generate the protected_api_signature in API requests. The signature should have the format <ID>.<UNIX Timestamp>.<Nonce>.<HMAC Hash>. The <UNIX Timestamp>portion must be within 5 minutes of the current time on the RunSignUp servers. The <Nonce> portion must be 8 random alphanumeric characters that are unique within a 15 minute interval. The <HMAC Hash> portion is the SHA1 hash (in hex) using the HMAC method of the string before this value (including the period just before). In PHP, this would be:

$id = …;
$secret = '…';
$nonce = …;
$sig = $id . '.' . time() . '.' . $nonce . '.';
$sig = $sig . hash_hmac('sha1', $sig, $secret);
echo $sig;

Signature Generator (For Testing Only)

From Our Blog:
Jun 22nd, 2018
Sales Tax & Your Race

Yesterday the US Supreme Court struck down a 1992 landmark decision (Quill Corporation vs. North Dakota) that had previously barred states from seeking sales tax from businesses unless they have a physical presence in the state. The 1992 decision had allowed online ecommerce businesses to thrive by not having to comply with the myriad and... Continue Reading →

Jun 22nd, 2018
2018 Symposium: Last Call!

With a little less than a month to the Opening Reception, we’re closing in on a sellout for the 2018 Symposium. If you’re still on the fence (or simply procrastinating), the time to register is now! Our Symposium is designed for race directors, timers, and race management/race series companies, with a variety of sessions for... Continue Reading →