Authentication

To authenticate a user we’re working witch hmac (Keyed-Hash Message Authentication Code).
The usage is really simple. We accept the headers x-date and x-authorization. How they should build see below:

x-date 2014-02-20 19:44:49.000000 GMT+0000
x-authorization demo:bBeE4SjprMssRFxikvKBhCO66lg=

The auth code is splited with a colon into username and the sha1 and base64 crypted md5(password) and the date.
Example 2014-03-15 11:45:53.000000 GMT+0000 to double check the server data.
Example to see the correct http header for x-date and x-authorization.

Here is a simple php code example:

$xDate = new DateTime('@' . time());
$xDate = $xDate->format('Y-m-d H:i:s.u T');
$defaults = array(
CURLOPT_HEADER => 0,
CURLOPT_URL => $url,
CURLOPT_FRESH_CONNECT => 1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FORBID_REUSE => 1,
CURLOPT_HTTPHEADER => array(
   'x-date:' . $xDate,
   "x-authorization:" 
   . $username:
   . base64_encode(hash_hmac('sha1', md5($password)
      ."\\n"
      . $xDate, md5($password), true))
),
);
$ch = curl_init();
curl_setopt_array($ch, $defaults);
$result = curl_exec($ch);

Request:

Request Headers:
Connection: keep-alive
x-date: 2014-02-20 19:44:49.000000 GMT+0000
x-authorization: demo:bBeE4SjprMssRFxikvKBhCO66lg=
Host: login.42call.com

Every request is valid for 180 seconds. Afterwards you will receive an error (1011 -> Wrong x-date Too Old.).

Attention:
To test your results step by step check out this debug tool.
Debugger: x-authorization-debug

Example page or some sample code PHP or .NET at github.