by 256DEV 1857 days ago
dmlittle's concern is a valid one and for most other types of API I would definitely agree it's not the right approach.

I still think it's reasonable for my use case but perhaps I should add another auth scheme as an optional alternative for the user who is concerned about their key potentially being caught in logs.

Your point about the documentation is also a good one - I should probably add a specific page just about the authentication approach. Added to the to-do list! Thanks.

1 comments

FWIW you can add HTTP Basic Auth information in URL links and all major browsers and other HTTP clients (for the most part) should interpret it correctly.

https://:[API_KEY]@v6.exchangerate-api.com/v6/latest/USD

If you only have an API key and not a token (username) and secret (password) I recommend passing the API key as a password as some logging solutions do log the basic auth username in the data recorded.
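An added example, not part of either comment above: it shows how an HTTP client turns the userinfo part of such a URL into an `Authorization: Basic` header, and what a logger that records only the Basic auth username would store when the key is sent as the password versus as the username. The key value, the function names and the username-only logging behaviour are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed placeholder, not a real key.
SAMPLE_KEY = "CONSTRUCTED-KEY-123"
BASE = "v6.exchangerate-api.com/v6/latest/USD"


def split_credentials(url):
    """Return (url_without_userinfo, Authorization header value or None)."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url, None
    user = unquote(parts.username or "")
    password = unquote(parts.password or "")
    host = parts.hostname or ""
    if ":" in host:  # an IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return clean, f"Basic {token}"


def logged_user(authorization):
    """Hypothetical logger: stores only the Basic auth username, '-' if empty."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return "-"
    user, _, _ = base64.b64decode(token).decode().partition(":")
    return user or "-"


def demo():
    as_password = split_credentials(f"https://:{SAMPLE_KEY}@{BASE}")
    as_username = split_credentials(f"https://{SAMPLE_KEY}@{BASE}")
    return {
        "url_sent": as_password[0],
        "user_field_key_as_password": logged_user(as_password[1]),
        "user_field_key_as_username": logged_user(as_username[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The request line carries no key in either case; only the username field differs, which is the field the comment says some logging solutions record.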