When using the REST API you are supposed to authenticate with the api_key parameter in the querystring.
A lot of logging systems automatically store querystrings in their access-logs so this is security-wise considered bad practice.
It would be better to also he able to authenticate by putting the api_key in the header.
I have tried and it does not look like it is used if i only move the property to the header. Has anyone gotten this to work?
Best answer by Brian TurcotteView original