我正在尝试使用Zabo rest api创建用户，可在以下位置找到：

https://zabo.com/docs/?shell#create-a-user

api说明要执行此操作（复制并粘贴在此处）：

curl "https://api.zabo.com/sandbox-v1/users" \
  -X POST \
  -H "X-Zabo-Key: adminApiKey-established-in-dash" \
  -H "X-Zabo-Sig: signature-of-request-using-paired-secret-key" \
  -H "X-Zabo-Timestamp: 1420069800000" \
  -d '{ "id": "8b0a037f-67cb-44b7-ac2a-18e7a54561a8", "token": "zabosession-abcdef1234567890" }'

API还表示：

If you are using the REST endpoints directly, the signature generated for the X-Zabo-Sig header is formed by using the paired secret key to create a SHA-256 HMAC on the following concatenated string using hex encoding:

Timestamp + Full Request URL + Request Body where:

Timestamp is the current time in milliseconds since Unix Epoch. The request must be made within 30 seconds of the timestamp given. Example: 1420069800000
Full Request URL is the url used for the request. Example: https://api.zabo.com/v1/currencies
Request Body is the body of the request as a string, encoded using UTF-8. The whitespace in the string must be the exact same as the whitespace in the request string, for example: '{"name": "New Name}'. If there are no request arguments or it is a GET request, then simply use Timestamp + Full Request URL.

我在Python中这样做是为了生成X-Zabo-Sig和X-Zabo-Timestamp：

    def _get_signature_and_time(self, url, body, secret):
        mtime = round(time.time() * 1000)
        json_body = json.dumps(body)
        text_value = "%d%s%s" % (mtime, url, json_body)
        signature = hmac.new(secret.encode("ASCII"), text_value.encode("ASCII"), hashlib.sha256).hexdigest()
        return signature, mtime

我得到的签名与他们的库（目前仅在nodeJS中可用）提供的签名不同。然而，我是按照文档来做的。这里有我遗漏的东西吗