How can I validate that a request is originating from a particular canister?

saikatdas0790 · September 1, 2023, 12:57pm

We can already set headers from inside a canister. How would this be different?

A rogue actor impersonating our canisters could add the “From-Canister-Id” header when sending requests to our service is what I understand.

Please elaborate if I’m missing something

infu · September 1, 2023, 12:59pm

Yeah, well the system making the request can disallow the canister from setting that particular header and overwrite it

Topic		Replies	Views
Non replicated HTTPS outcalls Developers	20	1388	August 30, 2024
User-Orchestrated Inter-Canister Calls \| Obtaining the Certificate Inside a Canister? Developers	0	101	April 30, 2024
How to make caller verification Developers	4	69	May 31, 2025
HTTP inbound call - Internet Identity authentication Programs & Applications	4	770	January 10, 2025
Feature Request: Mechanism to figure out if a call to a canister comes from canisters belonging to the same project Developers	8	730	March 24, 2023