
There are complicated authentication schemes around HMAC that try to do this, but if you're putting that much effort into it you might as well give up and use HTTPS.


Some of these include a nonce and/or are deployed over TLS to prevent replay attacks and avoid sending bearer tokens over the wire. AWS sig v4 and RFC7616 come to mind.



