This release introduces request verification to the App Framework. Request verification enables you to verify that requests received by your app's backend have come from Contentful, and reject those that aren't.

App developers can do this by establishing a shared secret, which Contentful then uses to sign any requests coming from app events or your app frontend. The signature in these requests can then be verified in your app backend.

Now that App Definitions support both a shared signing secret and multiple key pairs, we have combined these options under the new Security tab on the app settings page in the web app.

Learn more by reading our guide on request verification or the API documentation.