API Access & Required Headers
To interact with the EpochLock encryption system, every request must include a set of headers that serve both as access control and part of the time-based encryption mechanism.
Required Headers
- X-TIMESTAMP: A millisecond-precision UNIX timestamp (generated on the client).
- X-API-KEY: The SHA-256 hash of the timestamp + a secret, generated on the client or your backend.
- X-EMAIL: The registered email used for your EpochLock account. This identifies the billing and rate-limit tier.
Why These Headers Matter
EpochLock does not use static keys or long-term secrets. Instead, it generates short-lived API keys from your timestamp, hashed with a shared secret. This makes the encryption:
- Time-sensitive: Keys expire quickly and cannot be reused.
- Self-contained: The key is derived from known values and not stored long-term.
- Secure by design: Even if intercepted, the timestamp and hash become useless within seconds.
Example Header Block
X-TIMESTAMP: 1713904356241
X-API-KEY: 3fa85f64e3928c83a790eb7dd26fcb84...
X-EMAIL: user@example.com
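
An added example, not EpochLock's own code: a Python sketch of how a client could derive these headers and how a server could check them for freshness, key match and single use. The concatenation order and encoding, the 5-second window, the replay cache and every function and class name are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import time

MAX_SKEW_MS = 5_000  # assumed window; the page only says "within seconds"


def derive_key(ts: str, secret: str) -> str:
    # Assumed encoding: decimal timestamp string, then the secret, UTF-8, hex digest.
    return hashlib.sha256((ts + secret).encode("utf-8")).hexdigest()


def build_headers(secret, email, now_ms=None):
    """Client side: produce the three required headers."""
    ts = str(int(time.time() * 1000) if now_ms is None else now_ms)
    return {"X-TIMESTAMP": ts, "X-API-KEY": derive_key(ts, secret), "X-EMAIL": email}


class HeaderVerifier:
    """Hypothetical server-side check: freshness, key match, single use."""

    def __init__(self, secrets_by_email):
        self._secrets = secrets_by_email  # assumed lookup: email -> shared secret
        self._seen = {}                   # (email, timestamp) -> timestamp in ms

    def verify(self, headers, now_ms):
        email = headers.get("X-EMAIL", "")
        ts = headers.get("X-TIMESTAMP", "")
        presented = headers.get("X-API-KEY", "")
        secret = self._secrets.get(email)
        if secret is None or not (ts.isascii() and ts.isdigit()):
            return "reject: unknown account or malformed timestamp"
        if abs(now_ms - int(ts)) > MAX_SKEW_MS:
            return "reject: stale timestamp"
        expected = derive_key(ts, secret)
        # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
        if not hmac.compare_digest(expected.encode(), presented.encode("utf-8")):
            return "reject: bad key"
        # Forget entries that have aged out, then refuse a repeat inside the window.
        self._seen = {k: v for k, v in self._seen.items()
                      if abs(now_ms - v) <= MAX_SKEW_MS}
        if (email, ts) in self._seen:
            return "reject: replay"
        self._seen[(email, ts)] = int(ts)
        return "accept"
```

Without the replay cache, a captured header set would still verify until the freshness window closes, so the cache is what enforces single use inside that window.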
Rate Limiting
Rate limits are enforced server-side based on your subscription plan. You do not need to manage this manually; EpochLock will reject over-limit requests with status code 429 Too Many Requests.
Next Step:
Head to the /encrypt documentation to begin protecting data using EpochLock.