Several months ago I wrote a post called Where, oh where, does the API key go? I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs. I recently bumped into a way that anyone can harvest hundreds […]
![Sad Cloud hates APIs](https://e3c4fpsheba.exactdn.com/wp-content/uploads/2022/11/sadclown-jpeg.webp?strip=all&lossy=1&ssl=1&fit=233%2C293)