on 2018 Nov 15 8:41 PM
Hello Experts,
We are building OCC APIs for a mobile application, and the first concern raised by the security team is that they can't send credentials in the API URL.
But the OOB OCC authentication URL looks like https://localhost:9012/authorizationserver/oauth/token?client_id=mobile&client_secret=secret&grant_t...
Is there any way we can avoid passing sensitive data like email & password in the URL?
Thanks in advance.
Cheers
Anil
Hi Anil,
If you are using this URL directly in a browser, then you have to pass them as parameters. But if you pass them in the header, you don't need to append the ID and password to the URL. You can try this check from Postman.
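An added example, not part of the answer above or of SAP's code: the token request built as RFC 6749 describes, with the client ID and secret in an HTTP Basic `Authorization` header and the user credentials in the form-encoded POST body, plus a check that flags sensitive parameters left in a URL. The `password` grant type, the sample user and the helper names are assumptions; the endpoint and `mobile`/`secret` come from the question.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

# Parameter names that must never appear in a URL query string
# (URLs end up in access logs, proxies and crash reports).
SENSITIVE_PARAMS = {"client_secret", "password", "refresh_token", "access_token"}

TOKEN_URL = "https://localhost:9012/authorizationserver/oauth/token"  # from the question


def build_token_request(client_id, client_secret, username, password):
    """Build (not send) a token request that keeps all credentials out of the URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({
        "grant_type": "password",  # assumption: the grant type is cut off in the question
        "username": username,
        "password": password,
    }).encode()
    return Request(
        TOKEN_URL,
        data=body,          # credentials travel in the TLS-protected body
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def leaked_params(url):
    """Return the sensitive parameter names found in a URL's query string."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(SENSITIVE_PARAMS & set(query))


if __name__ == "__main__":
    # Constructed sample credentials.
    req = build_token_request("mobile", "secret", "user@example.com", "constructed-pw")
    print(req.full_url, leaked_params(req.full_url))
    bad = TOKEN_URL + "?client_id=mobile&client_secret=secret&password=constructed-pw"
    print(leaked_params(bad))
```

The same `leaked_params` check can be run over gateway or reverse-proxy access logs to confirm that no client is still sending the query-string form.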