How to validate that http request came from box skill
According to docs: Box skill has security keys where, once your app is enabled, Box will send events to your invocation endpoint. Use these keys to verify that the event sent to your app came from Box.
I see box-signature-primary and box-signature-secondary but those strings dont match what I see in the box developer portal.
Link below talk about the event payload but not sure which one of these refer to the security keys?
Please sign in to leave a comment.
Comments
1 comment