martindale
commented
9 years ago Was this unintentionally merged, or is it now out of WIP status?
Closed pnagurny closed 9 years ago
martindale
commented
9 years ago Was this unintentionally merged, or is it now out of WIP status?
This should not be merged in until the backend changes are running in prod.
We have removed nonces in favor of having an optional layer of security which protects against replay attacks and ensures request order. Clients can optionally create an API session (POST /sessions). In subsequent requests they can include this sessionId with a requestNumber which is incremented by one each time. Sessions expire after 15 minutes of inactivity.