Headers
Headers overview
eVSB uses a combination of standard HTTP headers and custom headers for various functionalities, including authentication, timestamp validation, IP verification, encryption, and caching.
Native Headers
- Authentication: Headers for user credentials.
- Timestamp Validity: Ensures the request is within a valid time frame.
- IP Verification: Verifies the origin of the request.
- Encryption System: Controls response encryption.
- Cache System: Manages caching to optimize bandwidth and resources.
Authentication Headers
- User (U): Contains the username provided by CSQ.
- Salt (ST): Contains a Unix timestamp that is valid for 30 seconds; the server compares it with its own timestamp to decide validity.
- SaltedHash (SH): Calculated as sha256hex(sha256hex(password) + sha256hex(salt)), where sha256hex is the lowercase hex-string representation of a SHA-256 hash, + means concatenation, password is provided by CSQ, and salt is the timestamp.
Incorrect hashes, invalid credentials, or expired salts result in HTTP 401 - Unauthorized or HTTP 500 - Internal Server Error responses.
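The U/ST/SH scheme above, shown from both sides as an added example (not eVSB or CSQ code): the client builds the three headers and a verifier recomputes SH and enforces the 30-second window. The verifier logic, the `passwords` lookup, the symmetric window and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

VALIDITY_SECONDS = 30  # salt lifetime stated on this page


def sha256hex(text: str) -> str:
    """Lowercase hex SHA-256 of a UTF-8 string."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_auth_headers(user: str, password: str, now: Optional[int] = None) -> dict:
    """Client side: produce the U, ST and SH headers for one request."""
    st = str(int(time.time()) if now is None else now)
    sh = sha256hex(sha256hex(password) + sha256hex(st))
    return {"U": user, "ST": st, "SH": sh}


def check_auth_headers(headers: dict, passwords: dict, now: Optional[int] = None) -> bool:
    """Verifier side (assumed logic): True only for a fresh, correct SH."""
    now = int(time.time()) if now is None else now
    user, st, sh = headers.get("U"), headers.get("ST"), headers.get("SH")
    if not (user and st and sh) or not (st.isascii() and st.isdigit()):
        return False  # missing or malformed header
    # Assumption: the window is applied in both directions to absorb clock skew.
    if abs(now - int(st)) > VALIDITY_SECONDS:
        return False  # expired salt
    password = passwords.get(user)  # hypothetical credential store
    if password is None:
        return False  # unknown user
    expected = sha256hex(sha256hex(password) + sha256hex(st))
    # Constant-time comparison: do not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode(), sh.encode())


if __name__ == "__main__":
    # Constructed sample credentials and timestamp.
    store = {"demo_user": "example-password"}
    hdrs = build_auth_headers("demo_user", "example-password", now=1700000000)
    print(check_auth_headers(hdrs, store, now=1700000010))  # inside the window
    print(check_auth_headers(hdrs, store, now=1700000031))  # salt expired
```

Because SH is derived only from the password and the timestamp, the same U/ST/SH triple verifies for any request sent inside the window, so the headers need the same transport protection as a credential.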
Force Response Encryption
- Accept: Using application/encrypt forces encrypted responses, saving bandwidth and preventing man-in-the-middle attacks. The encryption uses AES/CBC/PKCS5Padding with keys provided by CSQ.
- Accept: Using application/json requests plain JSON responses.
eVSB supports only application/json and application/encrypt content types. Encrypted responses are indicated by the Content-Type header and returned in binary format.
Cache Checksum System
The cache system improves bandwidth and resource efficiency by using checksums for identical URL requests.
- Cache-Hash: Contains the last response's checksum. If the checksum matches, no body response is sent; if it differs, the full response is sent.
- New-Cache-Hash: The server responds with the checksum of the response body.
- This system is recommended for operations with large response bodies and should not be used for dynamic or payment operations.
Compression
eVSB supports gzip compression for responses, applied after encryption.
- Accept-Encoding: Using gzip returns a compressed response; using identity returns an uncompressed response.
Only gzip and identity values are supported. Compressed responses are indicated by the Content-Encoding header.
Required Request Headers
- U: Username provided by CSQ.
- ST: Current Unix timestamp.
- SH: Calculated SaltedHash.
- X-Real-Ip: Origin IP address.
- Accept-Encoding: Indicates response compression (gzip or identity).
- Accept: Indicates response type (application/json or application/encrypt).
- Cache-Hash: Last returned checksum or null/incorrect value for triggering the cache system.
- Host: Target server.
- Agent: Information about the origin agent/server.
Extra headers are ignored by the server.
Response Headers
- UID: Unique request operation ID (internal use).
- U: Echoes the request's U header (internal use).
- New-Cache-Hash: SHA-256 hash of the response body.
- Content-Type: Indicates the response media type (JSON/encrypted) and charset (UTF-8).
- Content-Length: Length of the response in bytes.
- Date: Server timestamp in GMT.
- Connection: Indicates connection state after response (always close as eVSB is stateless).
How to obtain headers
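<Accordion title="With JavaScript">
```javascript
// Requires moment.js and CryptoJS to be loaded.
var password = "your_password_here";
var ST = moment().unix().toString();                 // Unix timestamp in seconds
var pass_sha = CryptoJS.SHA256(password).toString(); // hex string
var salt_sha = CryptoJS.SHA256(ST).toString();
var SH = CryptoJS.SHA256(pass_sha + salt_sha).toString();
```
</Accordion>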
<Accordion title="With Python">
```python
import hashlib
import time

ST = str(int(time.time()))  # Unix timestamp in seconds
password = "your_password_here"
pass_sha = hashlib.sha256(password.encode()).hexdigest()
salt_sha = hashlib.sha256(ST.encode()).hexdigest()
SH = hashlib.sha256((pass_sha + salt_sha).encode()).hexdigest()
```
</Accordion>
<Accordion title="With Java">
```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Main {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        long ST = System.currentTimeMillis() / 1000; // Unix timestamp in seconds
        String password = "your_password_here";
        String pass_sha = sha256(password);
        String salt_sha = sha256(Long.toString(ST));
        String SH = sha256(pass_sha + salt_sha);
    }

    // Returns the lowercase hex representation of the SHA-256 hash of the input.
    public static String sha256(String base) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(base.getBytes(StandardCharsets.UTF_8));
        StringBuilder hexString = new StringBuilder();
        for (byte b : hash) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) hexString.append('0'); // keep two hex digits per byte
            hexString.append(hex);
        }
        return hexString.toString();
    }
}
```
</Accordion>
<Accordion title="With Php">
```php
<?php
date_default_timezone_set('UTC');
$ST = strval(time());
$password = "your_password_here";
$pass_sha = hash('sha256', $password);
$salt_sha = hash('sha256', $ST);
$SH = hash('sha256', $pass_sha . $salt_sha);
?>