eVSB uses a mix of standard HTTP headers and custom ones to handle key functions like authentication, encryption, timestamp validation, IP checking, compression, and caching.
Each custom header plays a specific role in request validation and performance optimization:

1. Authentication: Verifies user credentials.
2. Timestamp Validation: Ensures the request is recent (within 30 seconds).
3. IP Verification: Confirms the request originates from an expected source.
4. Encryption System: Controls whether responses are encrypted.
5. Caching System: Optimizes bandwidth using response checksums.

These headers are mandatory in every request:

| Header | Description |
|---|---|
| U | Username assigned by CSQ. |
| ST | Unix timestamp (valid for 30 seconds). Used as a salt for hashing. |
| SH | Salted hash calculated as: sha256hex( sha256hex(password) + sha256hex(salt) ), all lowercase hex-encoded. |

If any of these are incorrect or expired, the server returns 401 Unauthorized or 500 Internal Server Error.
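
The SH calculation and the 30-second ST window, worked through as an added example (not CSQ's code). It assumes the salt is the ST value as a decimal string, that "+" concatenates the two hex strings, and UTF-8 encoding; `verify()`, its stored-hash table and the rejection of future timestamps are hypothetical.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_AGE_SECONDS = 30  # validity window the page states for ST


def sha256hex(text: str) -> str:
    """Lowercase hex SHA-256 of a string (UTF-8 encoding is an assumption)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def compute_sh(password: str, st: str) -> str:
    """SH = sha256hex(sha256hex(password) + sha256hex(salt)), with salt = ST."""
    return sha256hex(sha256hex(password) + sha256hex(st))


def auth_headers(username: str, password: str, now: Optional[int] = None) -> dict:
    """Client side: build the three mandatory authentication headers."""
    st = str(int(time.time()) if now is None else now)
    return {"U": username, "ST": st, "SH": compute_sh(password, st)}


def verify(headers: dict, password_hashes: dict, now: Optional[int] = None) -> bool:
    """Hypothetical server-side check; password_hashes maps U -> sha256hex(password)."""
    now = int(time.time()) if now is None else now
    st = headers.get("ST", "")
    # Reject anything that is not a short run of ASCII digits before parsing
    if not (st.isascii() and st.isdigit() and len(st) <= 12):
        return False
    if abs(now - int(st)) > MAX_AGE_SECONDS:
        return False  # expired, or too far in the future (assumed policy)
    stored = password_hashes.get(headers.get("U", ""))
    if stored is None:
        return False
    expected = sha256hex(stored + sha256hex(st))
    # Constant-time comparison avoids leaking how many hex digits matched
    return hmac.compare_digest(expected.encode(), headers.get("SH", "").encode("utf-8"))
```

Because the server only needs sha256hex(password) to recompute SH, that stored value is password-equivalent and should be protected like the password itself.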

Response Encryption

Use the Accept header to define how you want the response:

- application/encrypt: Forces AES-encrypted binary responses using AES/CBC/PKCS5Padding with CSQ-provided keys.
- application/json: Requests plain JSON (unencrypted).

Only these two content types are supported.

Encrypted responses are identified by the Content-Type header and returned in binary format.

Smart Caching via Checksum

To avoid sending unchanged responses, eVSB implements a lightweight checksum strategy:

| Header | Role |
|---|---|
| Cache-Hash | Sent by the client, containing the last known hash. If it matches, the body isn't re-sent. |
| New-Cache-Hash | Server returns the SHA-256 checksum of the current response. |

Recommended for endpoints with large static responses. Avoid using this with dynamic or payment operations.

Compression Support

eVSB supports GZIP compression after encryption.

| Header | Value | Result |
|---|---|---|
| Accept-Encoding | gzip | Returns a compressed payload |
| Accept-Encoding | identity | Returns uncompressed content |

Compressed content is indicated with the Content-Encoding header.

These must be included in all eVSB requests:

| Header | Description |
|---|---|
| U | CSQ-assigned username |
| ST | Current Unix timestamp |
| SH | Salted hash (see above) |
| X-Real-Ip | Client's origin IP |
| Accept-Encoding | Compression method (gzip or identity) |
| Accept | Response format (json or encrypt) |
| Cache-Hash | Last response hash or a placeholder |
| Host | Target server |
| Agent | Identifies client system or app |

Any extra headers beyond these are ignored.

| Header | Meaning |
|---|---|
| UID | Internal request tracking ID |
| U | Echoes the request's U value |
| New-Cache-Hash | SHA-256 checksum of the response body |
| Content-Type | Media type (application/json or application/encrypt) |
| Content-Length | Size of the response in bytes |
| Date | Server-side timestamp (GMT) |
| Connection | Always set to close (stateless protocol) |

Modified at 2025-07-03 18:33:44