Abstract: A system and method for public API authentication by an API server includes receiving from a client/app a PK request for a Partial Key (PK), having a User ID, Session ID, rolling hash function (Fn2) version defining a client/app hash function (Fn2), and a received Temporary Key (TK); validating the received TK using Fn2 with the Session ID and either an Initial Key (IK) or a current PK; when the TK validation is complete, sending a PK calculated using a PK hash function (Fn1) with the User ID and a slot-generated rolling random number; receiving an API request for an API service having the User ID, Session ID, Fn2 version, and a received Authorization Key (AK); validating the received AK using Fn2 with the Session ID and the current PK; and when AK validation is complete, sending a successful response from the API service.

Abstract: A system and method for public API authentication by an API server includes receiving from a client/app a PK request for a Partial Key (PK), having a User ID, Session ID, rolling hash function (Fn2) version defining a client/app hash function (Fn2), and a received Temporary Key (TK); validating the received TK using Fn2 with the Session ID and either an Initial Key (IK) or a current PK; when the TK validation is complete, sending a PK calculated using a PK hash function (Fn1) with the User ID and a slot-generated rolling random number; receiving an API request for an API service having the User ID, Session ID, Fn2 version, and a received Authorization Key (AK); validating the received AK using Fn2 with the Session ID and the current PK; and when AK validation is complete, sending a successful response from the API service.