Because you now have to add Windows accounts to use basic auth (why?), we should implement a static
security key query parameter which should be passed to all endpoints and checked. This just adds another layer of security in case someone uses subdomain sniffing to discover the login page.
Because you now have to add Windows accounts to use basic auth (why?), we should implement a static security key query parameter which should be passed to all endpoints and checked. This just adds another layer of security in case someone uses subdomain sniffing to discover the login page.