bouvyd’s avatarbouvyd’s Twitter Archive—№ 2,091

  1. …in reply to @rvalyi
    @rvalyi @gurneyalex Indeed I took inspiration from other systems where the URL is usually the secret. If you want more security, I'd advise using a code action with a system Param secret + a header in the request or something
    On twitter.com Twitter logo bouvyd’s avatar Mood +3 🙂
    1. …in reply to @bouvyd
      @rvalyi @gurneyalex The problem with *enforcing* security through a header through a specific mechanism (header, param) usually means you implicitly stop supporting systems that don't allow you to configure the to other side of the request
      Permalink On twitter.com Twitter logo bouvyd’s avatar Mood -3 🙁
      1. …in reply to @bouvyd
        @rvalyi @gurneyalex IIRC in GitHub webhooks for example, you cannot include arbitrary keys in the payload, nor can you include a header. The URL is the secret
        Permalink On twitter.com Twitter logo bouvyd’s avatar Mood 0