Security Protocol

In order to securitize all our HTTP request we had implemented a hash signature protocol to validate every request. This signature will require a hash by the Game developer side that will include the body or query field and will be sent on the header by the id: x-api-signature also along with a timestamp, that will be sent separately by the id: x-api-time. These headers will be verified on the API side in order to validate the fields of the request.
The timestamp must be a type in millis

The hash will include the body object as a String
const signed_payload = timestamp + '.' + body.toString()
const hash = hashHmacSha256(signed_payload)
// The timestamp will be required as x-api-time
// The hash will be required as x-api-signature
For example:
// For the following body:
amount: 10
// Should obtain the following hash (will not work without our secret)
// For a body like: 1620656154162.{"amount":10}
x-api-time: 1620656154162,
x-api-signature: '06651332dd12340cba54b0e0ec1a8fed6b495823fd81a1cfae215f2b904fda10'

All GET requests will be signed just for protocol.
// With a URL as following url =
// The params in the hash will be params = /rewards/:gameId/session/:sessionId
const signed_payload = timestamp + '.' + url.toString()
const hash = hashHmacSha256(signed_payload)
See the following example:
// For a url:
url = '/rewards/0d3a01eb-73dd-4f7b-a81f-91aa0e7420c6/session/steamUser'
// The signed payload will be: 1620659326544."/rewards/0d3a01eb-73dd-4f7b-a81f-91aa0e7420c6/session/steamUser"
// We will need the following headers:
x-api-time: 1620659326544,
x-api-signature: '6d93520d0983f614f610987244435a65ab891deaaea7c5972ba8a1b14b21a811'

We provide a free license to Easy Anti-cheat engine for Elixir distributed in Elixir. Please contact tech support to provide you with integration docs
Last modified 5mo ago
Export as PDF
Copy link
On this page
Signature Protocol