Details
Description
Currently, when using any available API in 3scale API Docs, is it possible sending the requests (cURL command) with the access_token as query parameter. As example the Application List (all services) API below:
curl -v -X GET "https://<ADMIN_PORTAL_DOMAIN>/admin/api/applications.xml?access_token=<ACCESS_TOKEN>&page=1&per_page=500"
The paramType is hard coded to allow only query parameters and not HTTP headers:
{ "name": "access_token", "description": "A personal Access Token", "dataType": "string", "required": true, "paramType": "query", "threescale_name": "access_token" },
It seems that passing the access_token as query parameter is insecure and a customer is requesting that when using the 3scale API Docs be allowed passing the access_token as HTTP headers instead.