First of all, this is a highly discouraged way of sending the access token,
mainly because you will find it in the HTTP access logs.
Still, if you want to go ahead and implement it, it must follow the
specification at [1].
However, we should discourage using this approach.

[1] https://tools.ietf.org/html/rfc6750#section-2.3

On Fri, Nov 21, 2014 at 8:28 PM, Sam Sivayogam <[email protected]> wrote:

> Hi all
>
>  I’m developing $Subject for APIM
>
> Currently the access token is passed in the Authorization header and now
> I’m planning to implement this feature by sending the access token in the
> query string using the parameter name "authkey" as shown below,
>
> Eg :-
> http://10.100.5.192:8280/twitter/1.0.0?q=wso2&authkey=1ba411b161bd88a6c744e435a3a1b56
>
> I'm planning to implement this feature on GET & DELETE since we usually
> pass the parameters to these methods
>
> Since the query parameter value will be in plain text do I need to worry
> about the security?
>
> WDYT?
>
> Regards
> --
> *Sam Sivayogam*
>
> Software Engineer
> Mobile  : +94 772 906 439
> Office   : +94 112 145 345
> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
> lean.enterprise.middleware.
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Associate Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
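
Added example, not part of the original thread and not WSO2 code: the access-log exposure raised in the reply, shown as a Python log scrubber that redacts the token value and reports which entries carried one. It assumes combined-format access logs; the sample lines, token values and function names are constructed for illustration.

```python
import re

# "authkey" is the parameter proposed in the thread; "access_token" is the
# name RFC 6750 section 2.3 uses. Matching is case-insensitive.
TOKEN_RE = re.compile(r'([?&](?:authkey|access_token)=)([^&\s"#]+)', re.IGNORECASE)


def scrub(line):
    """Return (scrubbed_line, hits): token values replaced, hits counted."""
    return TOKEN_RE.subn(lambda m: m.group(1) + "[REDACTED]", line)


def audit(lines):
    """Scrub every line and report which line numbers exposed a token."""
    cleaned, exposed = [], []
    for number, line in enumerate(lines, start=1):
        new_line, hits = scrub(line)
        cleaned.append(new_line)
        if hits:
            exposed.append(number)
    return cleaned, exposed


# Constructed sample entries in combined log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.7 - - [21/Nov/2014:20:28:01 +0530] '
    '"GET /twitter/1.0.0?q=wso2&authkey=TOKEN-A HTTP/1.1" 200 512 "-" "curl/7.38"',
    # Token sent in the Authorization header: nothing to find in the log.
    '10.0.0.7 - - [21/Nov/2014:20:28:05 +0530] '
    '"GET /twitter/1.0.0?q=wso2 HTTP/1.1" 200 512 "-" "curl/7.38"',
    '10.0.0.9 - - [21/Nov/2014:20:29:10 +0530] '
    '"DELETE /twitter/1.0.0?access_token=TOKEN-B&id=4 HTTP/1.1" 204 0 "-" "curl/7.38"',
]

if __name__ == "__main__":
    cleaned, exposed = audit(SAMPLE_LOG)
    for line in cleaned:
        print(line)
    print("lines that exposed a token:", exposed)
```

Scrubbing only limits what the log retains afterwards; tokens that have already been written to a log should be treated as disclosed and revoked.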
