undefined | Better HN

0 pointsbduerst10y ago0 comments

How does this handle authenticated requests?

For example, does it store OAuth tokens and refresh on your behalf?

0 comments

The Maker Channel Action doesn't support authenticated requests, at least anything beyond something you could send in the URL or body of the message. We do this to prevent people from using it to spoof requests to public authenticated services that might view such behavior as slightly "shady". The Maker Channel is really meant for prototyping and experimenting and so we've limited the capabilities to keep the uses in that realm. Hope that helps!

xg1510y ago

That's somewhat of a bummer, as it also forces all legitimate users to leave their endpoints acessible for everyone who knows the URL.

Have you thought about at least adding support for authentication where the credentials are generated by IFTTT? (Similar to the "secret" that you use for the trigger) This would allow makers to protect their endpoints while still disallowing spoofed requests.

bduerstOP10y ago

Why not make it a paid service then? I'd pay a couple dollars a month to have this ability, and you'd raise the bottom line for spammers.

j / k navigate · click thread line to collapse