Jump to content

Consistency across all API Functionality


Recommended Posts

I would like to see all API's available in PasswordState to be consistent in operation and setup.

 

Many of the issues I have come across and reported have been because of the inconsistencies in the available APIs and lack of clarity or conciseness in the documentation.

Some MUST have the APIKey in the json body to work, whereas others can have it in the body or the Header.

Since the APIKey is relevant to security and NOT the actual REST function, it doesn't seem logical that it is included in the body of the requests.

 

This consistency includes any/all of the following:

- All work using the APIKey in the Header field as specified (currently not all do)

- All sets of APIs include a search function (missing for security groups, documents)

- A Global API Key that works for ALL API Calls, not just a subset

- A System Setting to disable APIKey used anywhere except in the header (thus allowing backward compatibility, but supporting strict compliance).

 

I would also recommend the ability to pass the APIKey in the query string be removed completely, as it is insecure.

 

Link to comment
Share on other sites

Thanks Steve.

 

For anyone else reading this request, please refer to the examples API calls for where the API Key can be specified, and we will endevour to be more specific in our documentation.

Also, removing API Keys from the querystrings may be problematic, as it will break calls for customers using this method - which is why we provide options if required.

Regards

Click Studios

Link to comment
Share on other sites

  • 4 months later...
  • 7 months later...

Hello Everyone,

 

Just letting you know this feature is now complete, and included in the version 9 release.

 

To upgrade, please refer to either of the documents below, from our documentation page here - https://www.clickstudios.com.au/documentation/default.aspx 

Regards
Click Studios

Link to comment
Share on other sites

 Share

×
×
  • Create New...