0

In API, allow the apikey (and potentially other data) to be passed via JSON in a POST request.

Steve Shipway 2 weeks ago 0

When calling the API, the apikey is passed in the Querystring as an argument.  This is suboptimal as this may result in it being written into log files, leaking information.


Better, and more secure, would be for the apikey to be passed via JSON in a POST body, possibly also along with the various other parameters currently found in the path_info string.