top | item 40508623 (no title) 4death4 | 1 year ago Even if the copy the header, they can only perform a replay attack, which is an improvement over leaking an API key. Also, you could include a timestamp in the signature to limit the amount of time it could be replayed. discuss order hn newest dcow|1 year ago Sign a nonce.
dcow|1 year ago