HTTP Integration Security


What are your suggestions for securing endpoints that consume the HTTP integration POSTs?

I can do IP whitelisting but obviously that is not particularly strong defense.
Based on the guide here: github does some sort of secret hashing with the request body but as far as I can tell, this is not possible with static headers that the current integration supports.

Is there something I can do with the current version to ensure the messages are coming from the lora-app-server in my downstream application?



Did you find any solutions? Even I am looking at the option of how to secure this http integration, is there a wayI authenticate the endpoint using username and password.

Thanks in advance,

1 Like

It will be more secret if you know how to design a good website :smiley:

That is why you can add headers :slight_smile:

ahh yea sorry i didn’t realise. Thank you

Maybe this is a philosophical question but, adding static headers, is considered secure for an application integration? If we are using tokens for example, shouldn’t they be renewed from time to time (hours?)
Is that possible to implement in Chirpstack?