# HTTP signatures

To increase the security of requests sent to the Upvest Investment API, all requests sent must be signed with a signature algorithm. We currently support the following signature algorithm versions.

## Supported versions

All requests sent to the Investment API must be signed.

- The Investment API supports the following signature algorithms:
  - **Version 6** as defined in [the IETF draft for HTTP Message Signatures v6](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-06).  This is the default algorithm that the Investment API uses.
  - **Version 15** as defined in [the IETF draft for HTTP Message Signatures v15](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-15).


Use our open source HTTP signature proxy to instantly add the HTTP signature functionality to any API testing tool of your choice. 

- HTTP signature proxy **v1.3.8 and older** use V6 of algorithm
- HTTP signature proxy **v1.3.9 and newer** use V15 of algorithm.


## Implementation guides

We have provided tutorials on how to implement each of these.
There is also a guide describing how to upgrade from v6 to v15.

- ['Implementing HTTP signatures v6'](/products/tol/getting_started/http_signatures/implementing_http_signatures_v6): Learn how to implement signatures v6.
- ['Implementing HTTP signatures v15'](/products/tol/getting_started/http_signatures/implementing_http_signatures_v15): Learn how to implement signatures v15.
- ['Upgrade HTTP signatures from v6 to v15'](/products/tol/getting_started/http_signatures/upgrading_http_signatures_v6_v15): Learn how to upgrade from v6 to v15.


## Further concept materials

Technical concept materials can be found within the section of the documentation.

- [v15 concepts](/products/tol/concepts/api_concepts/http_signatures/v15)
- [v6 concepts](/products/tol/concepts/api_concepts/http_signatures/v6)