@AdnanErlansyah-nx7xp

So the only way we can check this secret key to ensure it's valid, we must identify it from the backend which they also have a secret that can compare both of them?. right sir?

@AdnanErlansyah-nx7xp

Oh yeah one thing again, Wouldn't be that secret key will be reveal on the headers or params when the request is sent? or it's still hide?