13

API Documentation: All API request should be made over https connections.

Me: Ok, (sees url bar), SECURE, good!

(sees curl code)

curl -X GET 'http://shittyapi.com/api/v2/users'

Me: (gasps) huh?

(heads to http://shittyapi.com/api/v2)

Me: Ok, (sees address bar) NOT SECURE

.
.
.
.
.

(long silence)

Comments
  • 3
    Unpopular opinion: http is fine for get requests
  • 1
    @sharktits @teganburns

    It returns NGINX BAD REQUEST because https is required, and THEY THEMSELVES use only http for the API. WTF??
  • 1
  • 2
    @sharktits depends on the content and whether there is a cookie for this site.
    But in the age of letsencrypt https should be mandatory.
  • 2
    @sharktits thats literally saying "because you use this protocol, the data should not be encrypted." the only factor in deciding if data should be encrypted is the data itself, and if it's necessary to be encrypted.
Add Comment