N
Novu4mo ago
SHG-TV

Security, when fetching from notification-center

Hey folks, we want to use novu notification center and have found a security concern. (most likly, because we missed something i guess) How does the apis/notification center ensure, that only authenticated users are able to fetch their data and cannot change data of other subscribers? we are using oAuth2 jwt-token auth for our own services.
6 Replies
Pawan Jain
Pawan Jain4mo ago
@SHG-TV We have HMAC encryption feature for this Checkout this doc to learn more about HMAC https://docs.novu.co/notification-center/client/react/get-started#hmac-encryption
SHG-TV
SHG-TV4mo ago
great article, but a little hidden, exspecialy, when not using react. Thank you very much 🙂
Pawan Jain
Pawan Jain4mo ago
This option is available in all other frameworks like angular, vue as well in iframe, web component and headless What do you think? What should be the better place to highlight this feature in docs?
SHG-TV
SHG-TV4mo ago
I would suggest to move HMAC Section into a section under Notification Center called Authorization / HMAC Maybe also considder move all not library specific thing one level up + write a hint, that examples are in react. (only my preference) Another idea would be to put it or a link under Providers -> In-App
Pawan Jain
Pawan Jain4mo ago
Thanks for the feedback. We will highlight this section in all of the libraries and provides -> in-app
SHG-TV
SHG-TV4mo ago
Thank you very much, very appreciated ❤️
Want results from more Discord servers?
Add your server
More Posts
MS Team notification input value substitutionI was trying to create a notification in MS Teams that could send a string to a url through an api cHandling complex "delivery time" user preferencesWe have a system where user may want to suscribe to certain "events" that happen in the system, in aAPI Cors ErrorI run it with postman successfully, but when I run it with react I get a cors error.Deploying the novu backend on digital ocean.Does anyone have any resources or how I can deploy novu on digital ocean. I am having issues with pnBest Way to Handle Notifications for Different Feeds / ContextsI have a variety of custom notification cards. I want to be able to use them and change them dependiHow Can I view Topics on Novu?I implemented Topic CRUD but I can't view the new topics created on the platform. Is it possible to Triggering event from laravel backend.I am running my novu locally and the api is running on localhost:3000. I have also set up my laravelDigest templates with 1 event totalIt appears that digests that end up having only one trigger by the time they expire still pass step.How use dynamic date value as condition valueHow can I implement a condition to filter data based on the 'installed_on' field, specifically targeBulk subscriber using Python ScriptHello Team!! Hello Team! I have successfully added our user to Novu using a Python script. Addition