Add request signing for API-to-API communication


## Description
Internal API-to-API communication has no request authentication mechanism beyond network-level controls. Implement cryptographic request signing for internal services.

## Acceptance Criteria
- [ ] HMAC-based request signing for internal APIs
- [ ] Timestamp-based replay protection (5min window)
- [ ] Key rotation with overlapping validity periods
- [ ] Signature verification middleware
- [ ] Audit logging for inter-service calls
- [ ] Performance impact assessment

## Technical Scope
- backend/src/middleware/
- backend/src/services/signature-verification.ts
- Edge: clock skew tolerance, signature generation for large bodies, key compromise


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add request signing for API-to-API communication #400

Description

Acceptance Criteria

Technical Scope

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add request signing for API-to-API communication #400

Description

Description

Acceptance Criteria

Technical Scope

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions