Skip to contents

This route is a simple authentication method that limits requests based on whether they are in possession of an agreed upon shared secret. Be aware that if the request is send over HTTP then the secret will be visible to anyone intercepting the request. For this reason you should only use this route in combination with HTTPS or accept the probability that the secret is exposed. If no shared secret is provided with the request or if the shared secret doesn't match a 400L Bad Request response is returned.

Usage

shared_secret_route(secret, header)

Arguments

secret

The secret to check for in a request

header

The name of the header to look for the secret

Value

A Route object

See also

Other Route constructors: asset_route(), openapi_route(), ressource_route(), sizelimit_route()