Question

API security and api_key

  • Posted January 12, 2013

Hello,

I’m wondering if the choice of placing the api_key in the api URL requests is a good one. Is that insecure since this is not passed within a POST body? Shouldn’t this be a secret encrypted in the body using HTTPS?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Thanks.

Here is a link to more information on HTTPS. <br> <br>http://en.m.wikipedia.org/wiki/HTTP_Secure

The URL path and parameters are all sent encrypted.

Both the website and the API are served via HTTPS only and we are integrating API keys into the API to launch new servers, and will also integrate adding / removing SSH keys as well. <br> <br>That should be ready by late January or February.