This looks like exactly what I need for securing my simple API, however, the example usage makes it seem like I can easily set an API key, pass that as a Bearer token and be done with it, however, I'm starting to suspect that the HTTP signature signing is not optional. Is this correct? If so, why isn't that part of the example?
This looks like exactly what I need for securing my simple API, however, the example usage makes it seem like I can easily set an API key, pass that as a Bearer token and be done with it, however, I'm starting to suspect that the HTTP signature signing is not optional. Is this correct? If so, why isn't that part of the example?