Operator
Operator-facing endpoints require HMAC-SHA256 request signing with replay protection via three headers:
| Header | Description |
|---|---|
X-Operator-ID |
Your operator UUID |
X-Timestamp |
Current Unix epoch seconds. Must be within ±30s of server time. |
X-HMAC-SHA256 |
hex(HMAC-SHA256(secret, timestamp + compact_json_body)). For GET requests, sign only the timestamp. |
The RGS also signs all outgoing callbacks with the same scheme via X-Timestamp and X-HMAC-SHA256 headers.
For computation steps, code examples, and callback verification, see the Authentication Guide.
Operator Operations