Ah, my bad. Sorry. But couldn't you then just make the call to an echo service (... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lillesvin 3 months ago \| parent \| context \| favorite \| on: A Tale of Two AI Failures: Debugging a Simple Bug ... Ah, my bad. Sorry. But couldn't you then just make the call to an echo service (like HTTPbin) or simply dump the request when you send it?

kichik 3 months ago [–]

The echo server will have no knowledge on how to construct the string to be signed.

lillesvin 89 days ago | [–]

But neither does the actual server. HMAC only verifies that the message is from whoever it claims to be from and that it is intact. It won't know what you intended the body of the request to look like.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact