Contents tagged with Security

  • Are You Or Your Customers Leaking Your API Keys?

    Several months ago I wrote a post called Where, oh where, does the API key go?  I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs.  I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access. Continue reading...

  • 1

comments powered by Disqus