What is the best way to secure an Iframe extension coming off a primary action button:
Issue 1: There doesn't seem to send X-HubSpot-Signature on Iframe GETs. There appears to be no sha256 hash checking on these requests (couldn't see one when logging header outputs). Guessing I will need to create some kind of request token on my end?
Issue 2: What's the best way to identify users? Simply add a token to the Iframe URL?
When it hit's my iFrame endpoint it only seems to send pretty basic data be default: