diff --git a/src/Api/ApiClient.php b/src/Api/ApiClient.php
index b6f5fc3..10ca7f7 100644
--- a/src/Api/ApiClient.php
+++ b/src/Api/ApiClient.php
@@ -74,8 +74,8 @@ public function sendRequest(
     array $data = []
   ): mixed {
     $timestamp = gmdate('c');
-    $authKey = $this->generateAuthKey($timestamp);
-    $hashedPassword = $this->hashPassword();
+    $authKey = $this->generateAuthHmac($timestamp, $this->apiSecurityKey);
+    $hashedPassword = $this->generateAuthHmac($this->apiPassword, $authKey);
 
     // Add authentication parameters to the request data.
     $data = array_merge([
@@ -101,21 +101,14 @@ public function sendRequest(
   }
 
   /**
-   * Generate the authentication key using the API security key.
-   */
-  private function generateAuthKey($timestamp): string {
-    return base64_encode(
-      hash_hmac(
-        'sha256', $timestamp, $this->apiSecurityKey, TRUE
-      )
-    );
-  }
-
-  /**
-   * Hash the API password using SHA256.
+   * Generates an HMAC SHA256 hash using the API security key.
+   *
+   * @param string $message The message to hash.
+   * @param string $secret The secret key for HMAC.
+   * @return string The base64-encoded HMAC hash.
    */
-  private function hashPassword(): string {
-    return hash('sha256', $this->apiPassword);
+  private function generateAuthHmac($message, $secret): string {
+    return base64_encode(hash_hmac('sha256', $message, $secret, true));
   }
 
 }
diff --git a/src/Service/PurchaseService.php b/src/Service/PurchaseService.php
index eb0e9cf..a417c35 100644
--- a/src/Service/PurchaseService.php
+++ b/src/Service/PurchaseService.php
@@ -45,8 +45,7 @@ public function __construct(ApiClient $apiClient) {
    * @return array
    *   The purchase response.
    */
-  public function sendPurchase($productID, $amount, $phoneNumber, $ctid
-  ): array {
+  public function sendPurchase($productID, $amount, $phoneNumber, $ctid): array {
     $endpoint = 'WSSendTopUpPurchaseRequest';
     $body = [
       'Product' => $productID,