Message Integrity (Digest)

Every TS → Custodial request includes hash, an MD5 digest you must verify.

Digest format

MD5( methodName + YYYY:MM:DD:hh + password )

• methodName = last path segment (e.g., getbalance, opentrade, closetrade)

• hh = 12‑hour clock (01–12) as used by TS

• password = shared secret agreed with TS

Reference (PHP‑style)

Time sync: Ensure both sides use the same timezone (recommend UTC) and the same 12‑hour formatting. Consider accepting ±1 hour to tolerate clock skew.

Hardening (recommended): Prefer HMAC‑SHA256 with explicit timestamp & nonce (while still supporting MD5 for compatibility). Include an Idempotency-Key header on opentrade/closetrade.