[ARIN-consult] Consultation on API Key Handling

John Curran jcurran at arin.net
Thu Aug 8 13:31:54 EDT 2024


> On Aug 8, 2024, at 12:52 PM, Richard Laager via ARIN-consult <arin-consult at arin.net> wrote:
> 
> On 2024-08-08 10:20, ARIN wrote:
> 
>> By adding functionality to allow the API keys to be shared as a header parameter, ARIN would create an option for customers who prefer to encrypt their API keys.
> 
> Headers and body are equally encrypted when using HTTPS, so I do not understand this sentence.

Apologies - this is less clear than it could be…  URLs are often obtainable in plain-text via web server & caching logs – thus providing an option for passing their API password via header parameter gives customers the ability to avoid having their API password exposed in this manner. 

Thanks,
/John 

John Curran
President and CEO
American Registry for Internet Numbers






More information about the ARIN-consult mailing list