HTTP Integration Security


#1

Hello,

What are your suggestions for securing endpoints that consume the HTTP integration POSTs?

I can do IP whitelisting but obviously that is not particularly strong defense.
Based on the guide here: https://simpleisbetterthancomplex.com/tutorial/2016/10/31/how-to-handle-github-webhooks-using-django.html github does some sort of secret hashing with the request body but as far as I can tell, this is not possible with static headers that the current integration supports.

Is there something I can do with the current version to ensure the messages are coming from the lora-app-server in my downstream application?

Regards,
-Eric