Advanced security options (shared secret)
As you may have noticed your API request is only authorised by your API key. To prevent unauthorized access and "reply attacks", we offer a signature mechanism with a shared secret. On request we will associate a shared secret with your API key and enforce the signature security policy. To sign a request you have to add a Unix timestamp to your URL and calculate an MD5 hash of the whole request string and the assigned shared secret. The request will expire after 5 minutes.
PHP example to use our API with a shared secret:
For mobile applications we recommend a proxy for authorisation and cache.