by sidhuko 3073 days ago
For applications using an HMAC token with some sort of timestamp which can be checked for replay attacks. AWS has a good guide: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthenti....

For users, I'd add an OAuth layer to the application layer and still have this application using an HMAC like above. You want to try to keep things 'stateless' when it comes to your APIs.
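The scheme described in the comment above, sketched as an added example that is not part of the original post and is not the signing format from the linked AWS guide: a client signs each request with HMAC-SHA256 over the method, path, timestamp and body hash, and the server rejects stale or altered requests without keeping any session state. The header names `X-Timestamp` and `X-Signature`, the 300-second window and the string-to-sign layout are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed acceptance window; size it to your clock drift


def string_to_sign(method, path, timestamp, body):
    # Bind the MAC to everything that must not change in transit,
    # including the timestamp, so a captured signature cannot be re-dated.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(secret, method, path, body, timestamp=None):
    """Client side: return the headers to attach to the request."""
    ts = int(time.time()) if timestamp is None else timestamp
    mac = hmac.new(secret, string_to_sign(method, path, ts, body), hashlib.sha256)
    return {"X-Timestamp": str(ts), "X-Signature": mac.hexdigest()}


def verify_request(secret, method, path, body, headers, now=None):
    """Server side: stateless freshness check, then constant-time MAC check."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers["X-Timestamp"])
        presented = headers["X-Signature"]
    except (KeyError, ValueError):
        return False, "malformed"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale"
    expected = hmac.new(secret, string_to_sign(method, path, ts, body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "bad-signature"
    return True, "ok"
```

An identical request replayed inside the window still verifies; closing that gap needs a per-request nonce remembered for the window's duration, which trades away some of the statelessness.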