I think ndebit is missing a pre-authorization that the server should use to send me ndebits, without that, couldn’t any server spam me with ndebit requests?
Sorry if i misunderstood the spec
Login to reply
Replies (1)
It's an open endpoint for requests, the user would then approve or whitelist the key upon request...
This would allow request spamming of course, but since the requesting key is identity-based and not ephemeral like NWC, it allows for policies and automation around reputation that could suppress/report/ignore those