client
$time = time() + 5*60; //UNIX timestamp plus a few minutes
$apikey = ‘1839390183ABC389101323123’;
$hash = hash_hmac(‘ripemd160’, $time, $apikey);
You would then append that hash to the end of your request:
GET /properties/list?time=$time&hash=$hash
server :
$domain = ”example.com”;
$time = $_GET[‘time’];
$now = time();
$apikey = //derive this from a database table as it is a shared value
$hash = $_GET[‘hash’];
$myhash = hash_hmac(‘ripemd160’,$time,$apikey);
if ($myhash == $hash && $now <= $time){
//you’re good to start processing
}