Question
Does a customer need to use API secret and a signature?
Can a signature be used to authenticate a request?
Is a signature sufficient authentication?
Answer
Our platform will accept requests requests with an incorrect or missing api_secret parameter value if the user is including a signature in their API request. The api_secret is then ignored. We'll only check for the validity of the signature.
Articles in this section
- [Internal] What information do we collect from visitors to the website?
- [Internal] Why are API requests with the wrong API secret accepted?
- [Internal] From which countries can customers not sign up for Vonage API?
- [Internal] How can I download the entire phone book for an account?
- [Internal] HTTP POST Method Error 411 Length Required
- [Internal] Add an MD5 Signature to Customer Callbacks
- [Internal] Do we support self-signed certificates for callbacks?
- [Internal] Timeouts Towards REST.nexmo.com
- [Internal] Numbers assigned to my account not showing on my dashboard
- [Internal] How long should the TTL for a customer dashboard last?