Every request to the PingID SDK server has to be signed according to the guidelines in Server implementation > Signatures in PingID SDK.
The requests are signed with an authorization token. When you send requests to the PingID SDK server, you sign the requests so that PingID SDK can identify who sent them.
The signature secures the request by:
- Verifying the requester’s identity, and that the request was issued by someone with a valid access key.
- Protecting the request’s data by using a hash calculation and matching process to prevent tampering while it’s in transit.
- Protecting against potential replay attacks, since the request must reach the PingID SDK server before the defined expiration time.