Good read. Seeing signatures used more and more actually, I wonder from a tech point of view if that’s trust or easier to consume? Slack and Alexa both put the sig data in the API response headers so the entire body is signed, always going to be based on trust somewhere