We have added support for more secure Notifications.

When we've encoded your media, we send a Notification to your notify_url. All the Assembly data was posted inside the transloadit field.

Starting today, this POST also contains a signature field. This field contains a hash that we calculate based on the Assembly data at hand, and your account's secret key.

Only you have this key, so you could perform the same calculation, and then know it really was Transloadit who sent you this exact data, before deciding to trust, and act on it.

Code examples for calculating the signature yourself can be found here.