security.xmlfile under application you have to create one or many secret keys.
security.xmlwill be a valid input to determine the expected calculated hash. The advantage of having more than one secret key is that you can implement a rotation of secret-keys without interruption of services:
<include-in-hash>block of the endpoint, in the order in which they are listed there. (If there is no
<include-in-hash>section, or there is but it's empty, then no parameters are added to the hash's source string for this step.)