Y
Hacker News
new
|
ask
|
show
|
jobs
by
TriNetra
1913 days ago
You can use HMAC [0]. Create a UI to collect username/password and make an API call to login endpoint, which should return sessionId/secret. going forward sign API requests using the HMAC protocol without ever revealing the secret on the wire again.
0:
https://aspsecuritykit.net/guides/implementing-hmac-scheme-t...