02 - Header Parameter

X-Code-Req-Nonce (Required, Unsigned Integer)

This is a serial number set on the request to avoid duplicate requests.
The request sending side sets a monotonically increasing value, or a random value which is not duplicated at each request.
The CodeVASP server returns an error if the same value comes in within 100 seconds.

This is a public key of the originating VASP and is used to encrypt or decrypt a message.
The PubKey used in the CodeVASP is clearly VerifyKey that verifies the signature. But this is called PubKey because the public key used for encryption/decryption can be calculated from it.

This is a value obtained by concatenating fields in the order of (X-Code-Req-Datetime, body, X-Code-Req-Nonce) to generate a byte sequence, then signing it using the Private Key of the sending host with EdDSA (Ed25519).
For details, please refer to the example which is distributed separately.
(Ed25519 https://pynacl.readthedocs.io/en/latest/signing/?highlight=Ed25519#ed25519)
It is used to authenticate the sending VASP by the CodeVASP server, and to verify that the message has not been tampered with.
It is only sent when the originating VASP sends a request and is not forwarded to the receiving VASP.
It is not included when the receiving VASP sends a response message.

This is the timestamp of when the request was sent, expressed in UTC time using ISO 8601 format. (e.g., 2022-06-31T23:59:59Z)

This is an identifier formed by joining the travel rule solution alliance name of the sending VASP and its VASP identifier within the alliance, separated by :.
- e.g., code:coinone, verifyvasp:15952089931162060684