Albert Casademont

My feedback

  1. 72 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  8 comments  ·  Cloud Pub/Sub  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Albert Casademont commented  · 

    For me, ideally, when setting up a push subscription a random secret would be generated and a header with an HMAC with the message content and the secret would be passed as a header in the POST request, much like webhooks work. This way you could authenticate that the message is valid.

    Right now we have to manually set up the secret in the URI, but the URI has the problem that gets logged everywhere, thus exposing the secret to a lot of people.

Feedback and Knowledge Base