octoblu / meshblu

Meshblu is a cross-protocol IoT machine-to-machine messaging system.
https://meshblu.readme.io/
MIT License

Trigger endpoint auth issue #123

Closed ajagnanan closed 8 years ago

ajagnanan commented 8 years ago

I was testing triggering a flow with this command:

curl -X POST https://triggers.octoblu.com/flows/XX/triggers/XX

with no auth headers and it worked. Is that supposed to happen?

brianehlert commented 8 years ago

Posting to a trigger does not require authentication. It is simply an incoming message to an obscure endpoint.

ajagnanan commented 8 years ago

Oh, wouldn't it be better to secure it with meshblu_auth_uuid and meshblu_auth_token in case those endpoints get compromised?

brianehlert commented 8 years ago

There are arguments for either way. Personally, since the trigger is a flow, I filter on the content of the message to ensure that it is what is expected. There are other operators such as change, debounce, etc.

IMHO, if someone guesses your trigger URL (with two random UUIDs), that is pretty good.

ajagnanan commented 8 years ago

I was thinking of adding a token to the payload in order to verify it. Thanks for responding. I'll close out the ticket.