Request Signing

Every request needs to include a checksum that proves the client is properly authenticated.

This checksum includes a timestamp, a nonce (request ID) and a shared secret (usually the session key).

The checksum is hashed with 256-bit SHA3 (a.k.a. Keccak) and base64-encoded.

Pseudo-code in Golang:

time := zeuzsdk.TSNow()
stime := fmt.Sprintf("%v", time)
reqid := fmt.Sprintf("%v%v", rand.Int63(), rand.Int63())
keyraw := stime + reqid + client.SessionKey
hash := sha3.Sum256([]byte(keyraw))
checksum := base64.StdEncoding.EncodeToString(hash[:])