Комментарии:
and sample code?
ОтветитьAs a person who uses the notes app to store api keys, how do you make a vault? Also great video, it helped a lot!
ОтветитьGood practical ideas regarding the API keys! I appreciate an API key check schema at the end of presentation! Very informative!
ОтветитьI think your argument, if it is good enough for stripe then it should be good enough for you is greatly misleading. You have to account for the threat model. I’m sure the companies that use api keys have put that extra effort to secure the ecosystem. I always advocate for more security over ease of use…typically, things that have been made easier to use have hidden complexities so unless those hidden complexities are understood and accounted for the implementation could be at risk.
But also, I’m not advocating for JWT, there are better solutions. But in this scenario, JWT vs API Key, JWT. :-)
Great insights - thanks for the video. Quick question, how would you recommend generating the checksum?
Ответить