Secure API Playground support for request signing (HMAC, nonce, timestamp, idempotency) #2265
murat-ozdemir started this conversation in Feature Requests
Replies: 0 comments
Problem
We are documenting a security-first API that requires request signing in addition to standard authentication.
Each request must include dynamically generated headers such as:
• HMAC signature
• Nonce
• Timestamp
• Idempotency key
While Mintlify’s API Playground is a great feature, it currently cannot be used with APIs that require signed requests because:
• There is no way to compute or inject dynamic headers per request
• There is no pre-request hook or scripting mechanism
• Login responses cannot propagate tokens to subsequent requests
As a result, the Playground is unusable for many enterprise, fintech, or banking-grade APIs, and teams are forced to disable it or build complex proxy-based workarounds.
⸻
Feature Request
We would like to request support for secure and dynamic request handling in the API Playground, such as:
• Ability to define dynamic headers (e.g. HMAC, nonce, timestamp)
• A pre-request hook / script to compute headers before sending the request
• Optional propagation of auth tokens from login responses
• Ability to scope these behaviors to sandbox / playground environments only
This would allow the Playground to work with signed APIs without exposing secrets or weakening security.
⸻
Why this matters
Many modern APIs (fintech, payments, energy, IoT, enterprise integrations) rely on signed requests for security and compliance reasons.
Supporting this use case would:
• Greatly improve developer experience
• Remove the need for disabling the Playground
• Make Mintlify suitable for a wider range of enterprise and regulated APIs
⸻
Additional context
We explored multiple alternatives (manual headers, proxy gateways, signing middlewares), but these significantly increase complexity and move responsibility away from the documentation platform.
Native support in Mintlify would be a much cleaner and safer solution.
⸻
Thanks for considering this request — we love Mintlify and would be excited to see the API Playground evolve in this direction.
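Added example, not part of the original post and not Mintlify or vendor code: a sketch of what a pre-request hook of the kind requested would compute (HMAC signature, nonce, timestamp, idempotency key), next to the server-side check that rejects tampered, stale and replayed requests. The header names, the canonical string layout, the five-minute window and the sample request are assumptions made for illustration.

```javascript
// Added example (Node.js). Header names and the canonical string are assumed, not a real API.
const crypto = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window

// Canonical string both sides sign: every field that must not be altered or replayed.
function canonical(method, path, body, ts, nonce, idemKey) {
  const bodyHash = crypto.createHash("sha256").update(body).digest("hex");
  return [method.toUpperCase(), path, bodyHash, ts, nonce, idemKey].join("\n");
}

// What a pre-request hook would compute just before the request is sent.
function signRequest(secret, req, now = Date.now()) {
  const ts = String(now);
  const nonce = crypto.randomBytes(16).toString("hex");
  const idemKey = req.idempotencyKey || crypto.randomUUID();
  const sig = crypto.createHmac("sha256", secret)
    .update(canonical(req.method, req.path, req.body, ts, nonce, idemKey)).digest("hex");
  return { "X-Timestamp": ts, "X-Nonce": nonce, "Idempotency-Key": idemKey, "X-Signature": sig };
}

// Server side: freshness first, then signature, then single-use nonce. The nonce is
// recorded only after the signature verifies, so unsigned traffic cannot fill the cache.
function verifyRequest(secret, req, h, seenNonces, now = Date.now()) {
  const ts = Number(h["X-Timestamp"]);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) return "stale";
  const expected = crypto.createHmac("sha256", secret)
    .update(canonical(req.method, req.path, req.body,
      h["X-Timestamp"], h["X-Nonce"], h["Idempotency-Key"])).digest();
  const given = Buffer.from(String(h["X-Signature"]), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return "bad-signature";
  if (seenNonces.has(h["X-Nonce"])) return "replay";
  seenNonces.add(h["X-Nonce"]);
  return "ok";
}

// Constructed sample request and sandbox-only secret, exercised against each failure mode.
function demo() {
  const secret = "sandbox-only-secret";
  const req = { method: "POST", path: "/v1/transfers", body: '{"amount":100}' };
  const t0 = 1700000000000;
  const h = signRequest(secret, req, t0);
  const seen = new Set();
  return {
    first: verifyRequest(secret, req, h, seen, t0 + 1000),
    replay: verifyRequest(secret, req, h, seen, t0 + 2000),
    tampered: verifyRequest(secret, { ...req, body: '{"amount":999}' }, h, new Set(), t0 + 1000),
    stale: verifyRequest(secret, req, h, new Set(), t0 + MAX_SKEW_MS + 1),
  };
}
```

Any secret used by such a hook runs in the reader's browser, which is why the post asks for the behavior to be scoped to sandbox or playground environments.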