In #2632 API signature validation was added to the backend service. This same approach was used for the auth service in #2709, but it was mentioned in the linked comment that it was vulnerable to replay attacks. That was addressed in the PR for the auth service but it needs to also be patched in the backend service as well.
See https://github.com/interledger/rafiki/pull/2709#discussion_r1596469843
In #2632 API signature validation was added to the
backendservice. This same approach was used for theauthservice in #2709, but it was mentioned in the linked comment that it was vulnerable to replay attacks. That was addressed in the PR for theauthservice but it needs to also be patched in thebackendservice as well.