Users are authenticated by the api but agents should have verification as well.
At a minimum, when an agent calls to the api, it should be checked against the database, if their is a match then we know an authenticated user created that agent.
This will alleviate any script injection or zombie agent usage.
Users are authenticated by the api but agents should have verification as well. At a minimum, when an agent calls to the api, it should be checked against the database, if their is a match then we know an authenticated user created that agent. This will alleviate any script injection or zombie agent usage.