search

BBVA / qed

The scalable, auditable and high-performance tamper-evident log project
https://qed.readthedocs.io/
Apache License 2.0
94 stars 19 forks source link

APIKey usage and validation #142

Closed suizman closed 4 years ago

suizman commented 5 years ago

Right now out API HTTP only validates that the Api-Key header is not empty. Should we use the APIKey to salt the incoming events or validate the API access? If not just remove it from our code?

gdiazlo commented 4 years ago

Let's remove it. We don't need that, at least not now.