[ARIN-consult] Consultation on API Key Handling
John Curran
jcurran at arin.net
Thu Aug 8 13:31:54 EDT 2024
> On Aug 8, 2024, at 12:52 PM, Richard Laager via ARIN-consult <arin-consult at arin.net> wrote:
>
> On 2024-08-08 10:20, ARIN wrote:
>
>> By adding functionality to allow the API keys to be shared as a header parameter, ARIN would create an option for customers who prefer to encrypt their API keys.
>
> Headers and body are equally encrypted when using HTTPS, so I do not understand this sentence.
Apologies - this is less clear than it could be… URLs are often obtainable in plain-text via web server & caching logs – thus providing an option for passing their API password via header parameter gives customers the ability to avoid having their API password exposed in this manner.
Thanks,
/John
John Curran
President and CEO
American Registry for Internet Numbers
More information about the ARIN-consult
mailing list