re: HMAC Authentication: Better protection for your API

Hello Pim,

Thanks for sharing, but what about the server-side code to verify the validity of the hash? Could you provide an example?

Thanks

 

Thanks for the feedback. This is pretty instance-specific, but is the reason the username is included un-encoded. You would use this value to look up the user (perhaps in a database); if there's a matching record, build the hash internally and compare it to what's provided.
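
The server-side check described in the reply above, as an added example that is not part of the original thread or the post author's code. The header layout (`username:hexdigest`), the HMAC-SHA256 algorithm, the signed string (method, path, body) and the names `USER_SECRETS`, `sign` and `verify_request` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample store: username -> shared secret (stands in for a database).
USER_SECRETS = {"alice": b"constructed-demo-secret"}
# Used when the username is unknown, so both paths do the same HMAC work.
_DUMMY_SECRET = b"\x00" * 32


def sign(secret: bytes, method: str, path: str, body: bytes) -> str:
    """Build the hex HMAC-SHA256 over an assumed canonical request string."""
    message = method.upper().encode() + b"\n" + path.encode() + b"\n" + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(auth_header: str, method: str, path: str, body: bytes) -> bool:
    """Return True only if the provided hash matches the one rebuilt server-side."""
    # Assumed header layout: "<username>:<hex hmac>", username sent un-encoded.
    username, sep, provided = auth_header.partition(":")
    if not sep or not username or not provided:
        return False
    # Look up the user's secret by the un-encoded username.
    secret = USER_SECRETS.get(username)
    # Rebuild the hash internally from the request as the server received it.
    expected = sign(secret if secret is not None else _DUMMY_SECRET, method, path, body)
    # compare_digest is constant-time: timing does not reveal how many
    # leading characters of the provided hash were correct.
    matches = hmac.compare_digest(expected.encode(), provided.encode())
    return matches and secret is not None


if __name__ == "__main__":
    body = b'{"id":1}'  # constructed sample request body
    header = "alice:" + sign(USER_SECRETS["alice"], "POST", "/orders", body)
    print(verify_request(header, "POST", "/orders", body))         # valid request
    print(verify_request(header, "POST", "/orders", b'{"id":2}'))  # tampered body
```
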
