+ Instead of sending the Date header, use Request-Date
+ HMAC access is not the best option as both public and private keys will be publicly available, OAuth authorization option is preferred