credo-science / credo-webapp

Credo web application
MIT License

Authorisation for API Requests #46

Closed PascalHarris closed 5 years ago

PascalHarris commented 5 years ago

I am concerned that there is no authorisation token for requests to the API, at least for Login and Registration (I haven't yet explored further). I am concerned that this could result in pollution of the data stream by those who seek to cause mischief.

koziomek commented 5 years ago

If I interpreted everything correctly, you are concerned there are no restrictions in place that would stop anyone from building applications that interact with the API (i.e. this is a public API). That means anyone has the ability to misuse it and try to submit data that is invalid.

I think it is a valid concern and I'll discuss this with other people responsible.

However, for now I don't think there will be any steps taken to change the current behaviour of the API because, as I understand, providing an open API is one of the goals of the project.