As a security measure, we will sign the returned data (and according to this only { code: 10000 } should be signed, but it's signing all the returned body.). Additionally, it will return Appid, Sign, Timestamp in the header of the response. The signature method SHA-256 (appid+appSecret+Timestamp+body).
Please use the data with caution if the signature verification fails. It indicates that the data has been tampered with.