Using a GET request for handling sensitive data || Endpoint expecting incorrect parameters

Posted in General by Mike Resoli Mon Apr 04 2016 11:11:29 GMT+0000 (UTC)·6·Viewed 742 times

May I point out that your `/user/login` endpoint uses the `GET` method, which should not, under any circumstance, be used for sensitive data. Is there any particular reason you are using this method over the `POST` method? Furthermore, the `/user/login` endpoint returns this error: `{"status":"false","reason":"api or project key missing"}`. Seeing as the `/user/login` endpoint does not require either, why is it returning this response? Thanks in advance.
Mike Resoli
Apr 4, 2016

I have tried using the Try It Out section, and it works fine. However, if I copy that URL into the browser it gives me the error.

Mike Resoli
Apr 4, 2016

I have figured out the second part of my query. I've submitted an edit for your docs regarding this.

Pino Motta
Apr 4, 2016

I have installed curl for windows and used:
curl -s -S -X GET -H "content-type:application/json" -H "apikey:WeavedDemoKey\$2015" https://api.weaved.com/v22/api/user/login/youraccount@email.com/your_weaved_password

i have used my account and password , but i have this error:
{"status":"false","reason":"api or project key missing"}.

it's possible connect from windows to my raspberry ssh without use the web page?
Thanks
Reguards
Pino

Mike Resoli
Apr 4, 2016

"apikey:WeavedDemoKey\$2015" try removing the backslash between WeavedDemoKey and $2015

Mike Resoli
Apr 4, 2016

I've created a GitHub repo with a small CLI that I wrote for interacting with Weaved. It allows you to retrieve connection information through a command line. The program itself is written in Python.

https://github.com/mikeres0/weaved-cli

Pino Motta
Apr 5, 2016

I've remove backslash and it's OK.
Thanks Mike.
Ciao

  
Markdown is allowed