I'm using Clojure for two years now, and still, from time to time I have some wow moments and I talk to my wife about some Clojure features and its superiority (she is a pharmacist, not a programmer, but she understands programming basics and can write very simple Python scripts). Last year I gave her a Ayn Rand's Fountainhead and she finished it a couple months ago. Yesterday she said that Clojure must be like the architecture solutions designed by Roark - practical, robust, simpler and cheaper, and still overlooked or even slurred over by most of the industry 😄

Is there a term for the style of authentication on a web api where a user signs an api request with an api key but doesn't actually send over any sensitive data? Like this: https://docs.pro.coinbase.com/#signing-a-message Also, as a stretch goal, any examples of this done on clojure/jvm?

to some degree jwt's are an attempt to standardize that pattern

no, I guess that is not quit right, jwts aren't really about signing a request

Yeah I vaguely understood jwts to be just a "password-like thing" sent over the wire rather than signing something and sending that

AWS HMAC

authenticates a request without sending credentials

pretty much ~= HMAC(secret_key, canonicalized request)

jwts are signed things you exchange, so you could use them for something like that above, but typically you exchange them for some kind of excess token instead

coinbase's API looks like AWS HMAC

it's much better than JWT

yes

Yup that seems to be it, thanks

I meant just, well, you could do it with a jwt, not that you should

yeah, maybe hmac is the right generic term for it