Digital signatures on HTTP messages? That aren’t broken by proxies, or TLS terminators, or gateways that reorder the headers just for fun? That’s exactly what you get with HTTP Message Signatures. This session dives into what they are, how they work, and how they can augment or replace existing API protection mechanisms such as bearer access tokens and cookies. (Security, Architecture & Deployment, API Protection, Standards, Annabelle Backman)