You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not authenticating/authorising the person who sent the original email. This is to lock down access to the group-mailer's API so that it can only be triggered by the group-mailer-receiver lambda.
There should be a shared secret token between the group-mail-receiver and the group-mailer. It will probably be specified in the infra repo and supplied to the two of them via an environment variable
The group-mail-receiver should send the shared token as an Authorization header when making HTTP POST requests to the group-mailer's mail endpoint
The group-mailer should refuse any requests to that endpoint that do not contain the secret token
This is not authenticating/authorising the person who sent the original email. This is to lock down access to the group-mailer's API so that it can only be triggered by the group-mailer-receiver lambda.
Authorizationheader when making HTTP POST requests to the group-mailer'smailendpoint