Signing to prevent MIM attacks

Am fairly new to Frappe. Been working only for the last 3-4 months.

Am in a situation where the data that is sent to the web (mostly API) needs to be signed. This is to ensure that there is no man-in-the-middle attacks.
For this am trying to figure out if Frappe has a way to intercept the calls before they are handed over to the api ?

Any help or hint would be greatly appreciated.

There are a few posts that talk about middleware that can be configured in But didn’t find any documentation of that in the frappe docs.

Thanks much

This isn’t supported out of the box but should be easy to implement.

Refer Hash-based Message Authentication Code (HMAC) - Docs

TBH I don’t see MUCH point in signing the response… you can trust HTTPS/TLS to work.

1 Like

Thanks very much @ankush
Full agree that in most cases HTTPS should be sufficient.
The particular business case demands me to implement signing as a security measure.

But your hints do help me a lot !

Thanks again.