We would like to announce a change to the way signature authentication works. This change will become effective next Thursday, December 18 at 10 AM UTC.
If you have signature authentication enabled right now, you do not need to do anything and can disregard this message. If you have the setting disabled, and are not looking to supply signatures now or in the future, you can also skip this post.
Otherwise, please read this carefully.
Thus far, you could specify whether you would like us to evaluate provided signatures on
The problem with this is that there is no easy way to test your signature implementation in a live production environment with many uploads. Enabling the setting later on would be risky. We could perhaps provide signature fixtures on the page above to compare, but that would hardly give the confidence to use a custom implementation in production.
People looking to upgrade to signature authentication currently often resort to dedicated developer accounts with Transloadit. Starting next Thursday, we will change how this setting works so that creating custom developer accounts is no longer necessary. If the setting is:
- disabled: supplying signatures won't be mandatory, but if you do supply them, we will evaluate them and potentially reject the API request.
- enabled: supplying signatures is mandatory. All requests without a valid signature will be rejected.
This will make it much easier for people looking to enhance security to test signatures. Just supply a signature with a few test
Important: Please check whether you are supplying signatures with your requests right now, even though the setting is disabled. It is possible that you are supplying incorrect signatures, which means your uploads could start failing as of next Thursday, even if the setting is disabled. We will automatically email you about failures as a result of this, but it is nevertheless important to check this in advance.
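The following added example (not Transloadit's own code) models the disabled/enabled rules listed above and the warning about wrong signatures, and reports which requests are accepted before the change but rejected after it. The HMAC-SHA1 scheme, the secret, the params and the request names are assumptions made for illustration, and the "before" behaviour is read from this announcement (supplied signatures are not evaluated while the setting is disabled).

```python
import hashlib
import hmac

def sign(secret: bytes, params: str) -> str:
    # Assumption: hex HMAC-SHA1 over the raw params string, keyed with the
    # account secret. Replace with the scheme the API documentation specifies.
    return hmac.new(secret, params.encode("utf-8"), hashlib.sha1).hexdigest()

def accepted(enabled: bool, new_rules: bool, secret: bytes, params: str, signature) -> bool:
    if signature is None:
        # A missing signature is rejected only when the setting is enabled.
        return not enabled
    if not enabled and not new_rules:
        # Before the change: a supplied signature is ignored while disabled.
        return True
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sign(secret, params), signature)

def newly_rejected(enabled: bool, secret: bytes, requests) -> list:
    """Names of requests accepted before the change and rejected after it."""
    return [
        name
        for name, params, signature in requests
        if accepted(enabled, False, secret, params, signature)
        and not accepted(enabled, True, secret, params, signature)
    ]

# Constructed sample data: secret, params and request names are made up.
SECRET = b"example-account-secret"
PARAMS = '{"example":"params"}'
REQUESTS = [
    ("valid-signature", PARAMS, sign(SECRET, PARAMS)),
    ("stale-secret", PARAMS, sign(b"old-secret", PARAMS)),
    ("params-changed-after-signing", PARAMS + " ", sign(SECRET, PARAMS)),
    ("no-signature", PARAMS, None),
]

if __name__ == "__main__":
    for enabled in (False, True):
        print("setting enabled:", enabled, "->", newly_rejected(enabled, SECRET, REQUESTS))
```

With the setting disabled, only the two requests carrying a signature that does not verify change outcome; unsigned requests and correctly signed ones are unaffected.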
We will also introduce a related feature next Thursday: we will make it possible to not only require signatures account-wide, but also on a
As always, if you have any questions about this, please let us know!