Hoi. > Adding https is also a bit tricky at the moment I think, but should be > possible if/when we switch to letsencrypt.
That would be great and important, because HTTP Basic Authentication should not be done unencrypted. In developing an editor, one would want to ensure that the API is always called via HTTPS, if HTTP Basic Auth is to be used. Testing such an editor is thus not possible with the testing API. Furthermore, the relevant section in the API spec does not mention the need to use HTTPS: http://wiki.openstreetmap.org/wiki/API_v0.6#URL_.2B_authentication Actually, none of the terms `https', `ssl', `tls' and `encryption' does appear in the spec. Of course, this is not the topic of the API spec, but with respect to the danger of an editor developer missing the need to use https, it seems to be worthwhile to add a note there. I can provide some text pieces if that would be helpful. (Didn't wanted to modify the API document uninvited ...) meillo _______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev