Authentication is why we can distinguish you from others.
In this case, we shall use two items, appkey and appsecret.
They are assigned to each business partner at the beginning and cannot be modified later.
Remember that appsecret should be stored carefully otherwise anyone can pretend to be you.
To prove that you are not disguised, we insist that you should add a sign with every single API request.
That is, you should add additional URL Query Params below each time you make a request.