Every authentication string must be signed with an HMAC hash of the sig_field and ts fields.
In pseudocode, this looks like:
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/hmac-sha256.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/enc-base64.min.js"></script>
let hash = CryptoJS.HmacSHA256('<sig_field>|<timestamp>','<hash_supplied_by_OG>');
let hash_base64 = CryptoJS.enc.Base64.stringify(hash);
//hash_base64 is the authentication key to use
Or, if you are using trust groups, it looks like:
HMAC(<your_hash>, "<sig_field>|<trust_group>|<ts>")
Just about every major language has libraries that help you generate this hash. Below are some examples, and here's the whole list.
Command Line
$ echo -n 'test_user|1488466536' | openssl dgst -sha256 -hmac 'NT2kBcFx%!7dnAOVv9}i3CR*<L66w5' -binary | base64
BNobNOMlv3DDv6IXs861hx6WMM/4qP4V18tSYM8mPoQ=
Python
import base64
import hashlib
import hmac
import time
user = "test_user"
timestamp = int(time.time())
secret_key = "NT2kBcFx%!7dnAOVv9}i3CR*<L66w5"
user_and_time = "{}|{}".format(user, timestamp)
hash_obj = hmac.new(key=bytes(secret_key), msg=bytes(user_and_time), digestmod=hashlib.sha256)
signature = base64.b64encode(hash_obj.digest())