When using the REST API you are supposed to authenticate with the api_key parameter in the querystring.
A lot of logging systems automatically store querystrings in their access-logs so this is security-wise considered bad practice.
It would be better to also he able to authenticate by putting the api_key in the header.
I have tried and it does not look like it is used if i only move the property to the header. Has anyone gotten this to work?
Hi
This is a great question! In our latest API release, we launched the V3 endpoints that actually do use the header authentication structure:
If you’re trying to call a legacy endpoint, then you would still have to authenticate in the query-string. Eventually, the legacy endpoints will be depreciated, so I highly recommend transitioning to the new endpoints when possible. Here’s a helpful guide that we created to help people transition from the legacy → new endpoints:
I hope this helps to clarify, and thanks for using the Community!
- Brian
That is great, thanks Brian. I will switch over to the new API.
Thank you!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.