 | Documentation Feedback |  |
Amazon FPS applications enable payments between buyers and sellers. Web service requests are sent over the Internet using SSL (HTTPS).
HTTPS does not establish the identity of the requester. To establish the identity of the requester, Amazon FPS uses a signature.
A signature is an encrypted value that you generate and include as a parameter value in every request using the signature parameter as in the following example.
Signature=K2ryWe7s/0AHI0/PbuAveuUPksTefhmNCzDTold2VYA=
With signature version 2, you have the option of using either SHA256 or SHA1 for signature authentication in inbound requests. For outbound notifications, the RSA-SHA1 algorithm is supported.
![[Important]](images/important.png) | Important |
|---|---|
The previous method for signing (signature version 1) expired on 01 November, 2010. From that date forward, any signing you do with your access keys must be done using signature version 2. |
Signing is required for all Amazon FPS API requests (except for VerifySignature), and optional but recommended for Co-Branded service requests. If you do not sign a Co-Branded service request, you must manually determine whether the request has been tampered. For detailed information about generating a signature, see Working with Signatures.
