REST API: api key in URL
Posted: Wed Apr 27, 2016 10:07 amHello,
It seems that the apikey is fairly sensitive in that it is what authorizes a client to access the AlarmDecoder device via REST.
Should we have the option to include this in the body via a POST call instead of on the URL via a GET call to avoid that data being logged in proxies or otherwise more easily stolen? Since the webapp does support HTTPS, the body would also be encrypted in transit.
I'm new to dealing with these types of APIs, so I may be off, but please let me know your thoughts.
Thanks!
Carlin
It seems that the apikey is fairly sensitive in that it is what authorizes a client to access the AlarmDecoder device via REST.
Should we have the option to include this in the body via a POST call instead of on the URL via a GET call to avoid that data being logged in proxies or otherwise more easily stolen? Since the webapp does support HTTPS, the body would also be encrypted in transit.
I'm new to dealing with these types of APIs, so I may be off, but please let me know your thoughts.
Thanks!
Carlin