2 years ago
Hardening access to customer information in client-side applications
As part of the frontend integration with Stigg, customer information is accessed using a Client API key. Because that key is embedded in the client-side application, it is publicly accessible to anyone.
While the Stigg backend limits the customer information such a key can access to a minimum, additional security measures can be taken to ensure that a request for a given customer's information indeed comes from that customer.
We've added the ability to sign and verify the identity of requests for customer information from the frontend. Under the hood, the mechanism uses HMAC-SHA256 to sign the requests.
We recommend that all customers enable this hardening mechanism in their client-side applications.
More details about this security measure and how to enable it can be found here.