I’ve set-up tyk to use HMAC authorisation on our API’s. This works fine for requests made backend to backend and with Postman. However when making requests from client web applications we run into the problem that we cannot set the Date field. It is a forbidden field that cannot be altered and is controlled by the browser. Tyk however requires the header field to be present.
When preparing the request it is not yet available so I cannot use it to calculate the signature.
How can this be solved. Can we use a different header to send the Date?