Skip to main content
Answered

Identity Verification expiration time


Is there a way to expire a HMAC hash for identity verification? How long does the hash last if the secrets are not rotated? Rotating a secret requires downtime so it is not ideal. If a HMAC signature is leaked, it can be use by anyone to impersonate a user. Unless I am misunderstanding..

Best answer by Ebenezer.Laleye

Hi @Darren Zou ! Ebenezer here from Engineering Support👋.

The HMAC hash value for Identity verification doesn’t expire. If you do fear that the secret key has been leaked you would need to get in touch with us to rotate it, this can ben done in under 5-10mins.

 

Hope this helps!

 

View original
Did this topic help you find an answer to your question?

3 replies

  • Author
  • New Participant
  • 1 reply
  • May 22, 2024

Julia G
Employee
Forum|alt.badge.img
  • Employee
  • 6 replies
  • May 22, 2024

Hey @Darren Zou I work on Fin AI Agent so have connected to a more relevant team to help you out with this!


Forum|alt.badge.img+4

Hi @Darren Zou ! Ebenezer here from Engineering Support👋.

The HMAC hash value for Identity verification doesn’t expire. If you do fear that the secret key has been leaked you would need to get in touch with us to rotate it, this can ben done in under 5-10mins.

 

Hope this helps!

 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings