/// <summary> /// You can help us better identify API calls from your app by making server-side calls with a HTTP header named X-Insta-Forwarded-For /// signed using your Client Secret. This header is optional, but recommended for any app making server-to-server calls. To enable this /// setting, edit your OAuth Client configuration and mark the Enforce signed header checkbox. When enabled, Instagram will check for /// the X-Insta-Forwarded-For HTTP header and verify its signature. /// HMAC signed using the SHA256 hash algorithm with your client's IP address and Client Secret. /// </summary> /// <returns></returns> internal string CreateXInstaForwardedHeader() { var encoding = new ASCIIEncoding(); var hash = new HMACSHA256(encoding.GetBytes(InstagramConfig.ClientSecret)).ComputeHash(encoding.GetBytes(Ips)); var digest = hash.ByteArrayToString().ToLower(); //TODO: can the ToLower() be avoided return(string.Format("{0}|{1}", Ips, digest)); }