Pirate-Weather / pirateweather

Code and documentation for the Pirate Weather API
Apache License 2.0

Support putting the API key in the request header, rather than the URL. #314

Closed mbomb007 closed 1 month ago

mbomb007 commented 2 months ago

Describe the feature

The documentation says to keep the API key secret. However, requiring the API key to be in the URL makes that difficult, as request URLs show up frequently in logs and error messages, which risks exposure of the API key in various places. Ideally, you would accept a header like

api-key: 1234567890

If this is already supported in some way, it should be documented.

alexander0042 commented 1 month ago

Thank you so much for opening this! It's a great point, and actually is already a thing (credit to Kong), and will be added to the V2.3 documentation. The keyword here is apikey; passing that with a value of your Apiable key should work so long as there's some alphanumeric text in the URL where the key would be. Not sure anyone would ever use it, but it also works as a URL query parameter: ?apikey=....

mbomb007 commented 1 month ago

> Thank you so much for opening this! It's a great point, and actually is already a thing (credit to Kong), and will be added to the V2.3 documentation. The keyword here is apikey; passing that with a value of your Apiable key should work so long as there's some alphanumeric text in the URL where the key would be. Not sure anyone would ever use it, but it also works as a URL query parameter: ?apikey=....

So what should the API URL be, then? It is listed as https://api.pirateweather.net/forecast/{api_key}/{lat},{lon}. Should that become the following?

https://api.pirateweather.net/forecast/{lat},{lon}

with the header apikey: ... provided?

alexander0042 commented 1 month ago

Sorry, should have been more clear. It still needs something there for path matching to work, but isn't used. So the syntax is:

https://api.pirateweather.net/forecast/{anythingAtAll}/{lat},{lon}

And then the 'apikey' header/value combo. Maybe "KeyInHeader" would be a nice string to put there to make troubleshooting easier, but honestly doesn't matter at all.
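
The header-based call described in this thread, together with a log scrubber for the two URL forms that still carry the key, as an added example (not code from the Pirate Weather project or from the commenters). The function names `build_request` and `redact`, the sample key and the log lines are constructed for illustration.

```python
import re
import urllib.request

BASE = "https://api.pirateweather.net/forecast"
PLACEHOLDER = "KeyInHeader"  # path filler suggested in the thread; not used as a key

def build_request(api_key, lat, lon):
    """Build (without sending) a request that carries the key in the apikey header."""
    if not api_key or any(c in api_key for c in "\r\n"):
        raise ValueError("API key is empty or contains a line break")
    url = f"{BASE}/{PLACEHOLDER}/{lat},{lon}"
    # urllib stores the name as "Apikey"; HTTP header names are case-insensitive.
    return urllib.request.Request(url, headers={"apikey": api_key})

# Legacy form: /forecast/{api_key}/{lat},{lon}; the key is the segment after /forecast/.
_PATH_KEY = re.compile(r"(/forecast/)([^/\s?]+)(?=/)")
_QUERY_KEY = re.compile(r"([?&]apikey=)[^&\s]+")

def redact(line):
    """Mask keys in a logged URL, leaving the header-style placeholder untouched."""
    def mask(m):
        return m.group(0) if m.group(2) == PLACEHOLDER else m.group(1) + "<redacted>"
    return _QUERY_KEY.sub(r"\1<redacted>", _PATH_KEY.sub(mask, line))

if __name__ == "__main__":
    req = build_request("CONSTRUCTEDKEY123", 45.42, -75.69)  # constructed key
    print(req.full_url)  # safe to log: no key in the URL
    # Constructed log lines showing the two URL forms that leak the key.
    for line in (
        "GET https://api.pirateweather.net/forecast/CONSTRUCTEDKEY123/45.42,-75.69 500",
        "GET https://api.pirateweather.net/forecast/KeyInHeader/45.42,-75.69?apikey=CONSTRUCTEDKEY123 200",
    ):
        print(redact(line))
```

Running `redact` over existing logs is a stopgap for keys already sent in the URL; a key that has appeared in logs should be rotated.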