|
|
|
|
|
|
by dndn1
1119 days ago
|
|
|
A stackoverflow answer on this: https://stackoverflow.com/a/499594 I don't think proxy servers or sniffers see GET data - it's encrypted, assuming HTTPS of course.
Server logs might be an issue.
Browser logs and accidentally sharing is definitely a bigger issue. Less of a concern if API is only used behind the scenes by apps though. Disclaimer: I'm not an auth expert! |
|
|
Proxies with MITM (mostly corporate) would see everything, because they are terminating client SSL/TLS.