jezzsantos / saastack

A comprehensive codebase template for starting your real-world, fully featured SaaS web products. On the .NET platform
The Unlicense

Private API authenticity #24

Open jezzsantos opened 4 months ago

jezzsantos commented 4 months ago

As described here: https://github.com/jezzsantos/saastack/blob/main/docs/design-principles/0025-modularity.md, we need some secure mechanism to protect "private" endpoints from being accessed directly by external clients. They must be accessible only by other deployed API hosts.

HMAC (with a shared key) is a good candidate, but it would need a different AuthenticationHandler than the one we now use for inter-service communication for service accounts.
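The following is an added C# illustration of the HMAC-with-shared-key scheme the issue proposes; it is not saastack code and does not reflect how any saastack `AuthenticationHandler` is implemented. The header names, the canonical string layout (method, path, Unix timestamp, SHA-256 of the body), the five-minute clock-skew window and the out-of-band distribution of the shared key are all assumptions made for the example.

```csharp
// Added example (not from the saastack project): signing and verifying
// inter-host requests with HMAC-SHA256 over a shared secret.
using System;
using System.Security.Cryptography;
using System.Text;

public static class PrivateApiHmac
{
    // Hypothetical header names chosen for this example.
    public const string SignatureHeader = "X-Private-Signature";
    public const string TimestampHeader = "X-Private-Timestamp";

    // Assumed replay window: a signed request older (or newer) than this is rejected.
    public static readonly TimeSpan AllowedClockSkew = TimeSpan.FromMinutes(5);

    // Canonical string: every field the receiving host relies on is covered,
    // so a signature captured from one request does not validate another.
    private static string Canonicalize(string method, string path, long unixSeconds, byte[] body)
    {
        var bodyHash = Convert.ToHexString(SHA256.HashData(body ?? Array.Empty<byte>()));
        return $"{method.ToUpperInvariant()}\n{path}\n{unixSeconds}\n{bodyHash}";
    }

    // Caller side: produce the hex-encoded HMAC the calling host sends in SignatureHeader.
    public static string Sign(byte[] sharedKey, string method, string path, long unixSeconds, byte[] body)
    {
        var canonical = Encoding.UTF8.GetBytes(Canonicalize(method, path, unixSeconds, body));
        return Convert.ToHexString(HMACSHA256.HashData(sharedKey, canonical));
    }

    // Receiving side: check the timestamp window, recompute the HMAC and compare it
    // in constant time so a mismatch does not leak how many bytes matched.
    public static bool Verify(byte[] sharedKey, string method, string path, long unixSeconds,
        byte[] body, string presentedSignature, DateTimeOffset now)
    {
        var skew = now - DateTimeOffset.FromUnixTimeSeconds(unixSeconds);
        if (skew.Duration() > AllowedClockSkew)
        {
            return false;
        }

        byte[] expected;
        byte[] presented;
        try
        {
            expected = Convert.FromHexString(Sign(sharedKey, method, path, unixSeconds, body));
            presented = Convert.FromHexString(presentedSignature ?? string.Empty);
        }
        catch (FormatException)
        {
            return false; // malformed signature header
        }

        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }

    public static void Main()
    {
        // Constructed sample values: in a deployment the key comes from a secret store.
        var sharedKey = RandomNumberGenerator.GetBytes(32);
        var body = Encoding.UTF8.GetBytes("{\"id\":\"abc123\"}");
        var now = DateTimeOffset.UtcNow;
        var ts = now.ToUnixTimeSeconds();

        var sig = Sign(sharedKey, "POST", "/private/organizations", ts, body);

        // Genuine request from a peer host: accepted.
        Console.WriteLine(Verify(sharedKey, "POST", "/private/organizations", ts, body, sig, now));

        // Same signature presented against a different path: rejected.
        Console.WriteLine(Verify(sharedKey, "POST", "/private/users", ts, body, sig, now));

        // Same request replayed ten minutes later: rejected by the skew window.
        Console.WriteLine(Verify(sharedKey, "POST", "/private/organizations", ts, body, sig,
            now.AddMinutes(10)));
    }
}
```

The point of the canonical string is that the verifier must be able to rebuild it from the request alone; anything the receiving host trusts but does not include in it (for example a query string, if the route uses one) would be left unprotected by the signature.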