Why auth_token for POST transmissions(Bulk processing) has been deprecated? Can we still implement this?

matomo-org / matomo-sdk-android

SDK for Android to measure your apps with Matomo. Works on Android phones, tablets, Fire TV sticks, and more!

BSD 3-Clause "New" or "Revised" License

390 stars 162 forks source link

Why auth_token for POST transmissions(Bulk processing) has been deprecated? Can we still implement this? #321

Closed suada-haji closed 3 years ago

suada-haji commented 3 years ago

Hey all, If we set bulk_requests_require_authentication to 1 in our config file, with the current implementation we are not able to add auth_token for POST transmissions.

This implementation existed previously and was removed. Any thoughts how we can implement this now?

d4rken commented 3 years ago

Because it's not secure. The token would have to be stored client-side, in every users installation, and would be trivial to obtain.

You can pass anything manually as parameter to a TrackMe instance, but I strongly advise against it.