N
Novu11mo ago
SHG-TV

Security, when fetching from notification-center

Hey folks, we want to use novu notification center and have found a security concern. (most likly, because we missed something i guess) How does the apis/notification center ensure, that only authenticated users are able to fetch their data and cannot change data of other subscribers? we are using oAuth2 jwt-token auth for our own services.
6 Replies
Pawan Jain
Pawan Jain11mo ago
@SHG-TV We have HMAC encryption feature for this Checkout this doc to learn more about HMAC https://docs.novu.co/notification-center/client/react/get-started#hmac-encryption
SHG-TV
SHG-TVOP11mo ago
great article, but a little hidden, exspecialy, when not using react. Thank you very much 🙂
Pawan Jain
Pawan Jain11mo ago
This option is available in all other frameworks like angular, vue as well in iframe, web component and headless What do you think? What should be the better place to highlight this feature in docs?
SHG-TV
SHG-TVOP11mo ago
I would suggest to move HMAC Section into a section under Notification Center called Authorization / HMAC Maybe also considder move all not library specific thing one level up + write a hint, that examples are in react. (only my preference) Another idea would be to put it or a link under Providers -> In-App
Pawan Jain
Pawan Jain11mo ago
Thanks for the feedback. We will highlight this section in all of the libraries and provides -> in-app
SHG-TV
SHG-TVOP11mo ago
Thank you very much, very appreciated ❤️
Want results from more Discord servers?
Add your server