Some objects have authinfo and this must be used by the client during some requests.
e.g. domain transfer may require including token en possible object roid in request.
this authinfo.is the only reason we need request xml messages for some requests, can we transmit the authinfo suing other mechanism so we can eliminate the need for a request message?
using a http header? this will probable only work for token/password based authinfo.
is this a problem? probably 99% of epp deployments use simple tokens?
added REPP-roid header for use together with EPP-AuthInfo header, this means only tokenbased auth is supported by repp.
need feedback from other registries to find out if this is an issue
Some objects have authinfo and this must be used by the client during some requests. e.g. domain transfer may require including token en possible object roid in request.
this authinfo.is the only reason we need request xml messages for some requests, can we transmit the authinfo suing other mechanism so we can eliminate the need for a request message?
using a http header? this will probable only work for token/password based authinfo. is this a problem? probably 99% of epp deployments use simple tokens?