re: HMAC Authentication: Better protection for your API

re: Hello Pim, thanks for sharing, but what about the server-side code to verify the validity of the hash? Could you provide an example? Thanks
 

Thanks for the feedback. This is pretty instance-specific, but is the reason the username is included un-encoded. You would use this value to look up the user (perhaps in a database); if there's a matching record, build the hash internally and compare it to what's provided.
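
An added example, not part of the original post or of the reply above, showing the server-side check the reply describes: look up the user by the un-encoded username, rebuild the HMAC, and compare it to the one provided. The `username:hexdigest` header layout, the method/path/body string being signed, HMAC-SHA256, the in-memory user table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample store: username -> shared secret (stands in for a database).
USER_SECRETS = {"alice": b"constructed-secret-for-alice"}

# Key used when the username is unknown, so both paths compute an HMAC
# and response timing does not reveal which usernames exist.
DUMMY_SECRET = b"\x00" * 32


def sign(secret: bytes, method: str, path: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over an assumed canonical form of the request."""
    message = b"\n".join([method.upper().encode(), path.encode(), body])
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(auth_value: str, method: str, path: str,
                   body: bytes) -> Optional[str]:
    """Return the authenticated username, or None if verification fails.

    auth_value is assumed to look like "<username>:<hex digest>".
    """
    username, sep, provided = auth_value.partition(":")
    if not sep:
        return None  # malformed value: no separator between name and digest

    # Step 1: look up the user from the un-encoded username.
    secret = USER_SECRETS.get(username)

    # Step 2: build the hash internally from the request as received.
    key = secret if secret is not None else DUMMY_SECRET
    expected = sign(key, method, path, body)

    # Step 3: compare in constant time; a plain == can leak how many
    # leading characters of the digest matched.
    matches = hmac.compare_digest(expected.encode(), provided.encode())
    return username if (secret is not None and matches) else None


if __name__ == "__main__":
    body = b'{"id":1}'
    header = "alice:" + sign(USER_SECRETS["alice"], "POST", "/orders", body)
    print(verify_request(header, "POST", "/orders", body))         # valid
    print(verify_request(header, "POST", "/orders", b'{"id":2}'))  # tampered
```

The signature must be computed over the raw request bytes the server received, before any parsing or re-serialization, or valid requests will fail to verify.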
