Recently, we’ve seen a few partner implementations of Reverse Auth that are incorrect. More specifically, we’ve seen signature mismatches in x_reverse_auth_parameters parameter. We wanted to give a heads up to developers to check their implementation, and cross-reference it to the design/process here:
In the interest of the security for our mutual users, incorrect implementations may no longer work in the near future. We’re here to help you review your implementation and do our best to help fix it.
Feel free to reach out to me (@rchoi) if you’re using Reverse Auth and want to discuss further.