Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Can't Do
Priority: Major
Fix Version/s: None
Affects Version/s: SaaS, 2.10 GA
Component/s: System
Labels:
- support

Blocked:
False
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%

SFDC Cases Links:
SFDC Cases Counter:

Description

Currently, when using any available API in 3scale API Docs, is it possible sending the requests (cURL command) with the access_token as query parameter. As example the Application List (all services) API below:

curl -v -X GET "https://<ADMIN_PORTAL_DOMAIN>/admin/api/applications.xml?access_token=<ACCESS_TOKEN>&page=1&per_page=500"

The paramType is hard coded to allow only query parameters and not HTTP headers:

{
 "name": "access_token",
 "description": "A personal Access Token",
 "dataType": "string",
 "required": true,
 "paramType": "query",
 "threescale_name": "access_token"
 },

It seems that passing the access_token as query parameter is insecure and a customer is requesting that when using the 3scale API Docs be allowed passing the access_token as HTTP headers instead.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Gustavo Pereira

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021/09/28 5:21 PM

Updated:: 2023/11/29 4:28 PM

Resolved:: 2023/04/12 10:02 AM