Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

requests by API key not by admin UN and PW

Hatim Makki shared this idea 1 year ago
Completed

Usually every POST request requires the username and the password of the admin.

I think in security point of view, if the company has an android app that requires an API POST or GET requests, it should send the API key instead of the admin UN and PW.

The reason is, why could "a user" submits the admin's information?if the user succeed getting his phone communication data through wifi, he could get the admin's information.

So, I think the solution is to make the requests require API key instead of the admin info to increase the API security level.

Comments (1)

photo
1

Hi,

Thanks for your suggestion. I'm pleased to advise that in version 7.2 we introduced API Credentials: https://docs.whmcs.com/API_Authentication_Credentials