HTTP Integration Security


#1

Hello,

What are your suggestions for securing endpoints that consume the HTTP integration POSTs?

I can do IP whitelisting but obviously that is not particularly strong defense.
Based on the guide here: https://simpleisbetterthancomplex.com/tutorial/2016/10/31/how-to-handle-github-webhooks-using-django.html github does some sort of secret hashing with the request body but as far as I can tell, this is not possible with static headers that the current integration supports.

Is there something I can do with the current version to ensure the messages are coming from the lora-app-server in my downstream application?

Regards,
-Eric


#2

Hi,

Did you find any solutions? Even I am looking at the option of how to secure this http integration, is there a wayI authenticate the endpoint using username and password.

Thanks in advance,


#3

It will be more secret if you know how to design a good website :smiley:


#4

That is why you can add headers :slight_smile:


#5

ahh yea sorry i didn’t realise. Thank you