REST API: api key in URL

General Discussion
Post a reply

REST API: api key in URL

Postby cw76 » Wed Apr 27, 2016 10:07 am

Hello,

It seems that the apikey is fairly sensitive in that it is what authorizes a client to access the AlarmDecoder device via REST.

Should we have the option to include this in the body via a POST call instead of on the URL via a GET call to avoid that data being logged in proxies or otherwise more easily stolen? Since the webapp does support HTTPS, the body would also be encrypted in transit.

I'm new to dealing with these types of APIs, so I may be off, but please let me know your thoughts.

Thanks!
Carlin
cw76
newt
newt
 
Posts: 15
Joined: Thu Oct 29, 2015 2:32 pm
Top

Re: REST API: api key in URL

Postby kevin » Wed Apr 27, 2016 12:09 pm

In future versions it will be part of Authorization Header, for now we had to get something usable out the door.
Not an employee of the company. Just here to help and keep things clean.
kevin
Platinum Nut
Platinum Nut
 
Posts: 994
Joined: Fri Aug 16, 2013 10:10 am
Top

Re: REST API: api key in URL

Postby cw76 » Wed Apr 27, 2016 1:13 pm

Great, thank you!
cw76
newt
newt
 
Posts: 15
Joined: Thu Oct 29, 2015 2:32 pm
Top
Post a reply

Return to General

Who is online

Users browsing this forum: No registered users and 12 guests

Powered by phpBB® Forum Software © phpBB Group
cron