Why are HMAC signatures frequently used for webhook authorization but not other HTTP API requests?
HMAC signatures are very commonly used for webhook authorization from service to consumer.
Examples:
Stripe
Slack
Twilio
Twitter
GitHub
and hundreds and hundreds more. This seems a near universal design decision.
Yet, the other direction… Continue reading Why are HMAC signatures frequently used for webhook authorization but not other HTTP API requests?