re: HMAC Authentication: Better protection for your API VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION
 

Thanks for the feedback. This is pretty instance specific, but is the reason the username is included un-encoded. You would use this value to lookup the user (perhaps in a database), if there's a matching record build the hash internally and compare to what's provided.

code of conduct - report abuse