Hi, Given you use HTTP, If the request is intercepted, keys are exposed even you send as URL or as headers. If you use https, headers and URL are both encrypted I guess. However sending in URL has some drawbacks,
1) browsers caches the URL 2) will be printed in logs ad Johans mentioned So better and common practice is sending as headers. Touched, not typed. Erroneous words are a feature, not a typo.
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
