We would like to announce a change to the way signature authentication works. This change will become effective next Thursday, December 18 at 10 AM UTC.
If you have signature authentication enabled right now, you do not need to do anything and can disregard this message. If you have the setting disabled, and are not looking to supply signatures now or in the future, you can also skip this post.
Otherwise, please read this carefully.
Thus far, you could specify whether you would like us to evaluate provided signatures on Assembly API requests here.
The problem with this is that there is no easy way to test your signature implementation in a live production environment with many uploads. Enabling the setting later on would be risky. We could perhaps provide signature fixtures on the page above to compare, but that would hardly give the confidence to use a custom implementation in production.
People looking to upgrade to signature authentication would now often use dedicated developer accounts with Transloadit. Starting next Thursday, we will change how this setting works to avoid the creation of custom developer accounts. If the setting is:
- disabled: supplying signatures won't be mandatory, but if you do supply them, we will evaluate them and potentially reject the API request.
- enabled: supplying signatures is mandatory. All requests without a valid signature will be rejected.
This will make it much easier for people looking to enhance security to test signatures. Just supply a signature with a few test Assemblies, see if they are accepted, and deploy this code for all Assemblies when you are confident everything works. After a while, you enable the setting in your account to make signatures mandatory, and reject all requests that do not supply them.
Important: Please check whether you are supplying signatures to your requests right now, even though the setting is disabled. It is possible that you are supplying wrong signatures, which means your uploads could start failing as of next Thursday, even if the setting is disabled. We will automatically email you about failures as a result of this, but it is nevertheless important to check this in advance.
We will also introduce a related feature next Thursday: we will make it possible to not only require signatures account-wide, but also on a Template-by-Template basis. So you could have both single page apps with no server code and low-risk upload Templates, and high-risk Templates that require signatures generated by your trusted servers.
As always, if you have any questions about this, please let us know!