API consumers shouldn't have access to this knowledge, this should be strictly on the wallet side.
Why? Today I was investigation a couple of phishing websites, and both of them check if the user has auto approved or not.
Both were acting differently, but both were abusing this information.
API consumers shouldn't have access to this knowledge, this should be strictly on the wallet side.
Why? Today I was investigation a couple of phishing websites, and both of them check if the user has auto approved or not. Both were acting differently, but both were abusing this information.