re: HMAC Authentication: Better protection for your API


HMAC is one more security layer in your API defence, but when used from a mobile app to talk with an API it can be defeated, as explained in this article.

Although HMAC can be defeated, it is better to use it with the JWT token than to use only an API key or basic authentication.

For more techniques in defending your API please check this series of articles written by some of my colleagues at work.


Without reading the article, I have to say that I'm skeptical that basic authentication is somehow more secure than HMAC. But I am not an expert in matters of security. I will add the referenced article to my reading list. Thanks for the share!


Sorry, but I have not said that basic authentication is better than HMAC. I was trying to say that although HMAC can be defeated, it is better to use HMAC than basic authentication... I will edit my reply to make it clear.

I am glad you pointed it out, because after I read it again I have to admit that it was confusing.


