Definition

The Challenge-Response Check (CRC) is an HTTP header that must be present in every request between your app and Simpler.
It consists of the request's body encrypted by the secret token that was sent to you during registration.

Usage

When your app receives a request, it must compute the HMAC of the request body using the sha1 algorithm and the secret.
If the result matches the X-Simpler-CRC header, the request must be considered authenticated.

Example

/**
 * @param  \Symfony\Component\HttpFoundation\Request  $request
 * @param  string                                     $secret
 * @return bool
 */
public static function validateCRC(Request $request, string $secret): bool
{
  return hash_hmac("sha1", $request->getContent(), $secret) === $request->headers->get('X-Simpler-CRC');
}