Optional authentication on webhook

Open mlandauer opened this issue 12 years ago • 1 comments

So that we know that the callback came from Cuttlefish and not someone else pretending

Jul 10 '13 07:07 mlandauer

This could be a more elegant way to do it: http://progrium.com/blog/2012/12/17/http-signatures-with-content-hmac/

Which means that Cuttlefish is always doing the same thing and it's up to the client app to be more paranoid if it wants to be.

Jul 17 '13 02:07 mlandauer