readmeio / rdme

ReadMe's official command-line interface (CLI) and GitHub Action 🌊
https://docs.readme.com/main/docs/rdme
MIT License

GET /api-registry does not have any authentication #1021

Closed akil-rails closed 2 months ago

akil-rails commented 2 months ago

The GET /api-registry works without any auth (reference doc).

This means that anyone can access our API specification (if they obtain the registry-UUID in some way). The api-registry should require access to the project like other APIs.

erunion commented 2 months ago

Hi! We're aware of this and this was an intentional decision to allow people to use api to create on-the-fly SDKs.