cancel
Showing results for 
Search instead for 
Did you mean: 

User credentials in OCC URL

0 Kudos
799

Hello Experts,

We are building OCC APIs for mobile application and the first concern raised by security team is they can't send credentials in API URL.

But OOB OCC authentication url looks like https://localhost:9012/authorizationserver/oauth/token?client_id=mobile&client_secret=secret&grant_t...

Is there any way we can avoid passing sensitive data like email & password in URL.

Thanks in advance.

Cheers
Anil

Accepted Solutions (0)

Answers (1)

Answers (1)

VinayKumarS
Active Contributor
0 Kudos

Hi Anil,

If you are using this url directly in browser then you have to pass them as parameters. But if you pass them in header. You dont need to append these id password to url. You can try this check from postman.

0 Kudos

Hi Vinay,

Thanks for the reply, but I'm unable to test this. Could you provide an example header in Postman!

Thanks

VinayKumarS
Active Contributor
0 Kudos
0 Kudos

Thanks Vinay,

I was able to achieve this by sending x-www-form-urlencoded values