Docs: Description of auth token sending patterns may be incorrect

Open: verythorough opened this issue 5 years ago • 1 comment

Based on some troubleshooting with a partner, @bettse identified a section of the repo README that seems to be incorrect:

Under "Registering your add-on", I believe this is inaccurate:

All requests from Netlify to your add-on’s management API will contain an X-Nf-Sign authorization header. You can verify request are coming from Netlify by verifying the X-Nf-Sign header against your add-on secret.

I think that requests to the add-on's management API have the Authorization header with bearer {service secret}, and that the NON-management API requests (those that we proxy from /.netlify/{service slug}) are the ones with the x-nf-sign header.

While in there, it would be helpful to do a pass to check for broken links (for example, Eric noted the 'Getting started' link under https://github.com/netlify/addons#verification-with-jws).

verythorough, Sep 29 '20 19:09
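An added example, not part of the issue or of the netlify/addons repository: an add-on-side check that follows the split the reporter describes above (bearer secret on management API calls, x-nf-sign on proxied calls), which the page itself does not confirm. It assumes x-nf-sign carries a compact JWS signed with HS256 using the add-on secret; the function names, the `kind` parameter and the sample secret are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constant-time string comparison; hashing first equalises the lengths.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Verify a compact JWS (header.payload.signature), HS256 only (assumed algorithm).
function verifyJwsHs256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch { return false; }
  // Pin the algorithm instead of trusting "alg" from the token (rejects "none").
  if (!header || header.alg !== 'HS256') return false;
  const mac = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  return safeEqual(b64url(mac), parts[2]);
}

// kind (hypothetical): 'management' for Netlify -> management API calls,
// 'proxied' for requests forwarded from /.netlify/{service slug}. Header names lower-cased.
function authenticate(kind, headers, secret) {
  if (kind === 'management') {
    const m = /^Bearer (.+)$/i.exec(headers['authorization'] || '');
    return m !== null && safeEqual(m[1], secret);
  }
  if (kind === 'proxied') return verifyJwsHs256(headers['x-nf-sign'] || '', secret);
  return false;
}

// Constructed sample secret and signer, used only to exercise the checks.
const SECRET = 'example-addon-secret';
function signSample(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}
```

Keeping the two paths separate means a valid x-nf-sign value is never accepted where the bearer secret is expected, and the reverse.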

Moving this to icebox per a decision to invest more time in addons. Please comment if you feel otherwise.

erezrokah, May 27 '21 09:05