Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
orbit0702019-07-03 13:00:12
User identification
orbit070, 2019-07-03 13:00:12

Is it ok to pass the token via parameters at the end of the URL?

Hello.
Is it ok to pass the auth token via a parameter in the url itself?
That is, for example, like this: example.com/api/getNews?token=[My Token] The
question is not about paranoia and the answers "you can hack anything" please don't, I just want to understand how it's done or not? Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
I
Ivan Shumov, 2019-07-03
@orbit070

If the API, then it is much more common to use the authorization Bearer header. And so - someone does it, probably, but it’s definitely not a good practice

Similar questions
P
Pavel Belousov2014-09-10 20:18:13
Is there a ready-made solution for authorization on the page only with a password? 4Reply
I
Ilya Plotnikov2014-09-11 02:07:43
Is it possible to consolidate authorization in Yii across multiple domains? 2Reply
V
viktorross2020-11-20 02:35:22
How do sites calculate users? 1Reply
L
Leonid2016-09-26 09:32:14
Permanent token authorization from a mobile application on a Yii 1.x site - how? 0Reply
I
Ilya Livshits2016-10-03 16:13:21
React, Router and Authentication. How best to implement? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question