CSQ Docs
    CSQ Docs
    CSQ API Doc
    • CSQ API Doc
    • Dummy Product Usage Guide
    • Overview
    • Headers
    • Methods
    • Error Codes
    • Test connection
    • Utils
    • Prepaid
    • Postpaid
    • Location-based Products

    Headers

    🧾 Headers Overview#

    eVSB uses a mix of standard HTTP headers and custom ones to handle key functions like authentication, encryption, timestamp validation, IP checking, compression, and caching.

    πŸ” Native Header Purposes#

    Each custom header plays a specific role in request validation and performance optimization:
    1.
    Authentication – Verifies user credentials.
    2.
    Timestamp Validation – Ensures the request is recent (within 30 seconds).
    3.
    IP Verification – Confirms the request originates from an expected source.
    4.
    Encryption System – Controls whether responses are encrypted.
    5.
    Caching System – Optimizes bandwidth using response checksums.

    πŸ”‘ Authentication Headers#

    These headers are mandatory in every request:
    HeaderDescription
    UUsername assigned by CSQ.
    STUnix timestamp (valid for 30 seconds). Used as a salt for hashing.
    SHSalted hash calculated as:
    sha256hex( sha256hex(password) + sha256hex(salt) )
    β€” all lowercase hex-encoded.
    ❗ If any of these are incorrect or expired, the server returns 401 Unauthorized or 500 Internal Server Error.

    πŸ”’ Response Encryption#

    Use the Accept header to define how you want the response:
    application/encrypt: Forces AES-encrypted binary responses using AES/CBC/PKCS5Padding with CSQ-provided keys.
    application/json: Requests plain JSON (unencrypted).
    ⚠ Only these two content types are supported.
    Encrypted responses are identified by the Content-Type header and returned in binary format.

    🧠 Smart Caching via Checksum#

    To avoid sending unchanged responses, eVSB implements a lightweight checksum strategy:
    HeaderRole
    Cache-HashSent by the client, containing the last known hash. If it matches, the body isn’t re-sent.
    New-Cache-HashServer returns the SHA-256 checksum of the current response.
    Recommended for endpoints with large static responses. Avoid using this with dynamic or payment operations.

    πŸŒ€ Compression Support#

    eVSB supports GZIP compression after encryption.
    HeaderValueResult
    Accept-EncodinggzipReturns a compressed payload
    identityReturns uncompressed content
    Compressed content is indicated with the Content-Encoding header.

    πŸ“₯ Required Request Headers#

    These must be included in all eVSB requests:
    HeaderDescription
    UCSQ-assigned username
    STCurrent Unix timestamp
    SHSalted hash (see above)
    X-Real-IpClient's origin IP
    Accept-EncodingCompression method (gzip or identity)
    AcceptResponse format (json or encrypt)
    Cache-HashLast response hash or a placeholder
    HostTarget server
    AgentIdentifies client system or app
    Any extra headers beyond these are ignored.

    πŸ“€ Response Headers#

    HeaderMeaning
    UIDInternal request tracking ID
    UEchoes the request's U value
    New-Cache-HashSHA-256 checksum of the response body
    Content-TypeMedia type (application/json or application/encrypt)
    Content-LengthSize of the response in bytes
    DateServer-side timestamp (GMT)
    ConnectionAlways set to close (stateless protocol)

    How to obtain headers#

    With JavaScript
    With Python
    With Java
    With Php
    Modified atΒ 2025-07-03 18:33:44
    Previous
    Overview
    Next
    Methods
    Built with