
Security Notes

Request Expiration

The server validates the timestamp and rejects any request older than 30 minutes. Ensure your system clock is synchronized via NTP.

Replay Attack Prevention

Mechanism   Description
timestamp   Enforces request timeliness; expired requests are rejected
nonce       Ensures each request is unique; the server rejects duplicate nonces within the time window
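
How the two mechanisms combine on the server side, as an added example that is not this API's own code: a nonce only has to be remembered until the timestamp it arrived with falls out of the 30-minute window, after which the timestamp check rejects a replay on its own. Assumptions: `ReplayGuard` is a hypothetical helper, timestamps are Unix seconds, the nonce store is in-memory, the request signature covering both fields has already been verified, and timestamps far in the future are refused as well.

```python
import time

MAX_AGE_SECONDS = 30 * 60  # the 30-minute window stated on this page


class ReplayGuard:
    """In-memory timestamp + nonce check (hypothetical helper, not the API's code)."""

    def __init__(self, max_age=MAX_AGE_SECONDS, clock=time.time):
        self.max_age = max_age
        self.clock = clock          # injectable so the window can be tested
        self._seen = {}             # nonce -> time after which it may be forgotten

    def _purge(self, now):
        # Strictly "<": a request exactly max_age old is still accepted,
        # so its nonce must still be remembered at that instant.
        for nonce in [n for n, exp in self._seen.items() if exp < now]:
            del self._seen[nonce]

    def check(self, timestamp, nonce):
        """Return (accepted, reason). timestamp is assumed to be Unix seconds."""
        now = self.clock()
        self._purge(now)
        if not nonce:
            return False, "missing nonce"
        age = now - timestamp
        if age > self.max_age:
            return False, "expired"
        if age < -self.max_age:
            # Assumption: far-future timestamps are refused, so every stored
            # nonce has a bounded lifetime.
            return False, "timestamp in future"
        if nonce in self._seen:
            return False, "duplicate nonce"
        # Remember the nonce until its own timestamp leaves the window.
        self._seen[nonce] = timestamp + self.max_age
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    now = time.time()
    # Constructed sample requests: (timestamp, nonce)
    for ts, nonce in [(now, "a1"), (now, "a1"), (now - 31 * 60, "b2")]:
        print(nonce, guard.check(ts, nonce))
```

With more than one server instance, the nonce store has to be shared between them; a per-process dictionary would accept one replay per instance.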

Key Management

Do Not Expose

  • Do not store the private key in client-side code
  • Do not log the private key
  • Do not commit the private key to version control systems
  • It is recommended to use an HSM or key management service

Transport Security

  • All API requests must use HTTPS
  • Plaintext HTTP is not supported
  • TLS 1.2+ is recommended
