by icambron
4480 days ago
I agree there's no excuse not to use (and force) HTTPS, but the parent did say:

> hash your secret key together along with other data unique to your HTTP request, in particular the headers and the datetime

So that isn't a straight hash and you can't just trivially replay. It does require you store the secret in the clear (or at least reversibly) on the server, but I see a lot of APIs do that...
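The request-signing scheme discussed above, as an added example that is not part of the thread: it uses HMAC-SHA256 rather than a bare hash of secret plus data, and shows why the server needs the secret in recoverable form. The header names, the epoch-seconds `x-date` value, the 300-second window and the in-memory stores are assumptions.

```python
import hashlib
import hmac

# Constructed demo data. The server must hold the secret itself (not a one-way
# hash of it), because it has to recompute the same MAC the client computed.
SECRETS = {"client-42": b"constructed-demo-secret"}
SIGNED_HEADERS = ("host", "content-type", "x-date")  # assumed header set
MAX_SKEW = 300  # seconds a signed request stays valid (assumed)


def canonical(method, path, headers):
    """Serialize the request parts covered by the signature in a fixed order."""
    lines = [method.upper(), path]
    lines += [f"{h}:{headers[h].strip()}" for h in SIGNED_HEADERS]
    return "\n".join(lines).encode()


def sign(secret, method, path, headers):
    """Client side: MAC over method, path, selected headers and the date."""
    return hmac.new(secret, canonical(method, path, headers),
                    hashlib.sha256).hexdigest()


def verify(client_id, method, path, headers, signature, now, seen):
    """Server side: returns 'accept' or a 'reject: ...' reason string."""
    secret = SECRETS.get(client_id)
    if secret is None or any(h not in headers for h in SIGNED_HEADERS):
        return "reject: unknown client or missing signed header"
    try:
        sent = int(headers["x-date"])
    except ValueError:
        return "reject: bad date"
    if abs(now - sent) > MAX_SKEW:
        return "reject: stale"  # a capture replayed later fails here
    expected = sign(secret, method, path, headers)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "reject: bad signature"  # e.g. the date header was rewritten
    if (client_id, signature) in seen:
        return "reject: replayed"  # identical request inside the window
    seen.add((client_id, signature))
    return "accept"
```

Without the `seen` check, an identical request captured and resent inside the freshness window would still verify, so the date alone only bounds how long a capture stays usable.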