SECURITY ISSUE: sending username/password in MANY api examples

I was going through the documentation and there are MANY examples where you are telling people to send username/password with EVERY api request (rather than a JWT token). This is HIGHLY insecure [https://stackoverflow.com/questions/48305695/is-it-a-bad-idea-to-send-username-and-password-with-every-request-from-a-mobile](https://stackoverflow.com/questions/48305695/is-it-a-bad-idea-to-send-username-and-password-with-every-request-from-a-mobile)

For example, Rather than

`curl -i -X POST -u {username}:{password} https://api.fastspring.com/company/{company}/subscription/{reference}/renew`

You should be using

`curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTY2MDA4NzM1OSwiaWF0IjoxNjYwMDY5MzU5fQ.bR8lgrGlzCmHKhXC1D_LF-vVmFINAVX9kgA2n-EiIbslYaix65FXB7qrPRVJxrgqhzNcdTiBOhScbujQwy0ufA" "https://api.fastspring.com/company/{company}/subscription/{reference}/renew"`

I don't know if this is the way you are actually calling apis but it should not be the suggested way to call them in the documentation.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SECURITY ISSUE: sending username/password in MANY api examples #16

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SECURITY ISSUE: sending username/password in MANY api examples #16

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions