Connection Handshake

After you have initiated the connection if you've hit the correct endpoint server and your UUID & Device ID exists on the platform, ChipChop will respond with a request for a handshake. You will receive a response in JSON format containing the challenge code property
{"status":"handshake","code":"e36a48d24f3","uuid":"ChpChpUsRf5c40b64c03f0b607ae9b51a3803","device_id":"000001"}
This is the step where you need to generate a response code using an MD5 Hash algorithm do create a "message digest" of the combination of your Authentication Code and the received challenge "Code".

An abstract example would be:
response_code = MD5(chipchop_challenge_code + your_auth_code)

You can find your ChipChop Authentication Code in your Development Console in the "My Account" section.

ChipChop will wait no longer than 5 seconds to receive the correct "hashed" response code and if the code is incorrect or the time has lapsed it will close the connection.

Example handshake response from your device
{"api_call":"handshake_response","response_code":"1b3f2356....","uuid":"ChpChpUsRf5c40b64c03f0b607ae9b51a3803","device_id":"000001"}
If everything is correct you will receive a welcoming "Howdy Partner!" message from ChipChop and your connection channel will stay open.
If for any reason you lose your socket connection after some time, wait 5-10 seconds and simply restart the connection process again. It's completely normal and can happen for many reasons and you should implement this re-connecting behavior to happen automatically. Sometimes the connection channel can stay open for days and sometimes it can close few times in a minute.

Handshake success response from ChipChop
{"status":"Howdy Partner!"}
I have chosen MD5 as it's not too heavy for small processors and this security layer is not about encryption but rather verification that your device belongs to your account and it's not someone impersonating you.
If you are not using the ChipChop Arduino Library you should be able to find on the internet a ready made MD5 hash function for pretty much any language.

ChipChop has a more robust OAuth2 authentication mechanism under the hood but I don't feel that it's required for average home use and would probably put too much pressure on small microporocessors.