Every request needs to include a checksum that proves the client is properly authenticated.
This checksum includes a timestamp, a nonce (request ID) and a shared secret (usually the session key).
The checksum is hashed with 256-bit SHA3 (a.k.a. Keccak) and base64-encoded.
Pseudo-code in Golang:
time := zeuzsdk.TSNow() stime := fmt.Sprintf("%v", time) reqid := fmt.Sprintf("%v%v", rand.Int63(), rand.Int63()) keyraw := stime + reqid + client.SessionKey hash := sha3.Sum256(byte(keyraw)) checksum := base64.StdEncoding.EncodeToString(hash[:])