Currently, my project is using HMAC-SHA256 to do the authorization in APIM.
We are struggling with how to generate, transmit and store the secret key between the client side and ours. Is there any secure way to do this?
What I have tried:
For now, we are generating the secret key through openssl and transmitting it via email; apparently, it is not the proper way. :(