RunSignUp Protected API

Protected API

Some API calls require a protected_api_signature parameters in the URL. These are protected APIs. To access these APIs, please contact us at to get and ID and signing secret.


These are used to generate the protected_api_signature in API requests. The signature should have the format <ID>.<UNIX Timestamp>.<Nonce>.<HMAC Hash>. The <UNIX Timestamp>portion must be within 5 minutes of the current time on the RunSignUp servers. The <Nonce> portion must be 8 random alphanumeric characters that are unique within a 15 minute interval. The <HMAC Hash> portion is the SHA1 hash (in hex) using the HMAC method of the string before this value (including the period just before). In PHP, this would be:

$id = …;
$secret = '…';
$nonce = …;
$sig = $id . '.' . time() . '.' . $nonce . '.';
$sig = $sig . hash_hmac('sha1', $sig, $secret);
echo $sig;

Signature Generator (For Testing Only)

From Our Blog:
Sep 21st, 2017
The Risks of Declining Registrations

There was a recent article on Bloomberg News suggesting that the next financial crisis could start in Silicon Valley and “Fintech”. Fintech is a broad term, but touches all races who use online registration with the movement of over $1 Billion per year thru the 100 or so race registration systems. Here are some of … Continue reading "The Risks of Declining Registrations"

Sep 21st, 2017
Child Privacy

To protect the data the races who use as as their online registration platform, we have made some updates to your race, event and club websites to better protect the online privacy of children, particularly those under the age of 13. Our updates are designed with the Children’s Online Privacy Protection Rule (“COPPA”) in mind and … Continue reading "Child Privacy"