/// <summary>
/// You can help us better identify API calls from your app by making server-side calls with a HTTP header named X-Insta-Forwarded-For
/// signed using your Client Secret. This header is optional, but recommended for any app making server-to-server calls. To enable this
/// setting, edit your OAuth Client configuration and mark the Enforce signed header checkbox. When enabled, Instagram will check for
/// the X-Insta-Forwarded-For HTTP header and verify its signature.
/// HMAC signed using the SHA256 hash algorithm with your client's IP address and Client Secret.
/// </summary>
/// <returns></returns>
internal string CreateXInstaForwardedHeader()
{
var encoding = new ASCIIEncoding();
var hash = new HMACSHA256(encoding.GetBytes(InstagramConfig.ClientSecret)).ComputeHash(encoding.GetBytes(Ips));
var digest = hash.ByteArrayToString().ToLower(); //TODO: can the ToLower() be avoided
return(string.Format("{0}|{1}", Ips, digest));
}
