Increase security of an API POST by including encrypted date?

I am pretty much a newbie to InfusionSoft but I have been working with one of my colleagues who has some fair amount of knowledge… however this question is beyond him.

We have been able to create posts to our web site api to register users and validate whether an email and/or username is available. However we now would like to beef up the security of our web site api by adding a parameter that is an encrypted string based on 1) UTC DateTime and 2) a “key” that we provide.

The web site server would decrypt the DateTime and make sure that the unencrypted date is withing the allowed time for a request. (e.g. within 5 minutes of “now”)

In C# the code to generate this string might look something like this:

    public string GenerateSecurityKey()
        var str = DateTime.UtcNow.ToString("o");
        var key = new byte[8] { 14, 1, 4, 13, 56, 2, 15, 9 };
        return Crypt(str, key);

    public static string Crypt(string text, byte[] key)
        var iv = new byte[8]  { 84, 43, 22, 15, 155, 133, 12, 4 };
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateEncryptor(key, iv);
        byte[] inputbuffer = Encoding.Unicode.GetBytes(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Convert.ToBase64String(outputBuffer);

Is there a scripting language, or the ability to use C, PHP, C# or some other language to make this algorithm available to InfusionSoft so that I could program something like this? If this is possible I would love some links to help me get started. Thanks!

No, we don’t provide any sort of parameter verification like that on our endpoints.

We use TLS1.2 to secure all traffic, and even if someone attempted a packet replay attack using a middle-man captured request they would be doing so blind, and five minutes vs the eight hours an Access Token is valid for doesn’t make much difference.

If you have further concerns regarding this, it is possible to call the /token endpoint and refresh your Access Token more frequently, even down to that same five-minute window, which would cause requests with an outdated token to be rejected by our API proxy before they even hit our application servers.