Worker "clients" for analyzing media content. Pamaxie is a Natural Learning API for accessing several Neural Networks and hand-crafted algorithms for moderating content on platforms.
Currently the Authentication flow for the API doesn't use HTTP standards.
The issues we are currently aware of are:
We don't use Basic authentication in the header for the initial authentication; we use the body of the initial request instead. This is a security concern.
We require an object to re-authenticate which contains the user id. This is completely unnecessary as bearer tokens can be decoded to find the user who originally authenticated to re-auth them.
Some of the methods use POST. That's not correct. The authentication should use GET methods defined by RFC 7235.
If the login credentials are incorrect we need to return a 401 Unauthorized.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication for more info and things we are maybe doing wrong. Please fix this.
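The flow requested above, as an added sketch that is not Pamaxie's own code: credentials are read from the `Authorization` header, a failed login returns 401 with a `WWW-Authenticate` challenge, and re-authentication takes the user id from the verified bearer token. The function names, the signing key, the user table and the token layout (an HMAC-signed JSON payload standing in for a full JWT) are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
USERS = {"alice": "s3cret"}        # constructed; a real store holds password hashes
CHALLENGE = {"WWW-Authenticate": 'Basic realm="api", charset="UTF-8"'}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, ttl=900):
    # The payload carries the user id ("sub"), so later requests need no id in the body.
    body = _b64(json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def verify_token(token):
    # Check the signature before trusting any claim; return the user id or None.
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:
        return None
    return claims.get("sub") if claims.get("exp", 0) > time.time() else None

def login(headers):
    # Initial login: credentials are read from the Authorization header, not the body.
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    try:
        user, _, password = base64.b64decode(value).decode().partition(":")
    except ValueError:
        return 401, CHALLENGE, None
    ok = hmac.compare_digest(USERS.get(user, "").encode(), password.encode()) and user in USERS
    if scheme.lower() != "basic" or not ok:
        return 401, CHALLENGE, None
    return 200, {}, issue_token(user)

def refresh(headers):
    # Re-authentication: the user id comes from the verified bearer token.
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    user = verify_token(value) if scheme.lower() == "bearer" else None
    if user is None:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, None
    return 200, {}, issue_token(user)
```

Each function returns a `(status, headers, token)` tuple, so the same checks can sit behind whatever web framework the API uses.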