You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When `--studioAuthKey` is provided, every incoming request must include an `X-ZenStack-Signature` header in the format `t=<unix timestamp>,v1=<base64url signature>`.
58
+
The signed message format matches ZenStack Studio: `payload + timestamp [+ authorizationToken]`.
59
+
60
+
- For `GET` and `DELETE` requests, `payload` is the raw query string without the leading `?`.
61
+
- For body-based requests, `payload` is the exact JSON request body string.
62
+
- For requests without query params or a request body, `payload` is an empty string.
63
+
- If an `Authorization: Bearer <token>` header is present, append `<token>` to the signed message.
0 commit comments