Me2day.createPost = function(userid, apikey, body, tags, icon, func) {

    var password = Me2day.getPassword(apikey);
    var authstring = Base64.encode(userid + ':' + password);

    var request = new XMLHttpRequest();
    var postQuery = "&post[body]=" + escape(body) + '&post[tags]=' + escape(tags) + '&post[icon]=' + escape(icon);

    // async
    request.open("POST", me2day_create_post + userid + '.xml', true);
    request._task_key = 'create_post_' + TaskManager.getKey();
    request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    request.setRequestHeader("Authorization", "Basic " + authstring);
    request.onreadystatechange = func;
    request.send(postQuery);

    return request;

}

Me2day.getNonce = function() {

    if (null != this._nonce && '' != this._nonce)
        return this._nonce;

    var hx = "";
    var hexc = "0123456789abcdef";

    for (var i = 0; i < 8; i++) {
       
        var d = random(16);
        hx += '' + hexc[d];
    }

    this._nonce = hx;

    return this._nonce;

}

Me2day.getPassword = function(key) {

    if (null != this._password && '' != this._password)
        return this._password;

    var nonce = Me2day.getNonce();
    this._password = nonce + MD5(nonce + '' + key);

    return this._password;

}