Ensuring Message Integrity with HTTP Signatures
--
In the present day, the most common approach for protecting APIs is by using shared secrets. Every time the API is called, this secret must be presented which is not that secure. Then there are other mechanisms such as OAuth which is used to enforce access control on APIs. However none of these mechanisms provide a way to ensure the integrity of the data being transferred. Also, for certain clients, shared…