Thanks @beebee ,I only recevie the Email without any aprove link. does I need use the rule to general device Id: UnderstandingDeviceId
the node code:
const crypto = require('crypto')
const myUID = crypto.createHash('sha256')
.update(username)
.update(password)
.update(secret)
.digest('hex')
it is SHA-256 hash in hex format (a 64 character string). The hash is based on some arbitrary, but non-changing fields - username , password , and some kind of app-specific secret
and at last It say
you can use whatever fields you want as long as they don't change.
but I use Md5(username+password+apiSecret),I think it don’t change,and I can see my app in the trust device list ,and recevie the Email (with no any aprove link),but I try send order in Replay and live ,it is be Aceess deny too.
so I confuse the rule of general the device Id ,May be the live and replay model will use a typical rule to general the deviceId to check my id is valid or not?mybat like:
byte[] bytes = SHA256(userName+password+apiSecre);
String hexString = hex(bytes);
but I found the String is like
33e321c0f7b5b570a76cb4c4417d6af0d7f7a9d8bf4da8f9a7ea391993617ca2
not similar the example ,like
d7afce-0496a0-8d7651-79f60-c6f3-8fa9d
and I also be Aceess Denies 