Thank you for the fast answer! Regarding the other part of my question - if and when token are expired, do you know the answer by any chance?
Best regards, Tal Barak. -----Original Message----- From: Craig Sawyer <csaw...@yumaed.org> Sent: Tuesday, November 30, 2021 6:05 PM To: user@guacamole.apache.org Subject: [External] Re: Passing a token as a query parameter (REST API) [You don't often get email from csaw...@yumaed.org. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.] CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Yes, it's not ideal, see: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FGUACAMOLE-956&data=04%7C01%7CTal.Barak%40honeywell.com%7C3c23b3a164c343ee797f08d9b41b5196%7C96ece5269c7d48b08daf8b93c90a5d18%7C0%7C0%7C637738853107699369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=46TxvWVWzOgGjotpcqa21jaGEup%2FYFfQlNuyiZj1v7g%3D&reserved=0 On Tue, Nov 30, 2021 at 8:02 AM Barak, Tal <tal.ba...@honeywell.com.invalid> wrote: > > Hello all, > > > > I understand that when using the REST API, after generating a token, I must > add it to any additional API call as query parameter. > > > > Is this the only way when calling REST APIs? Isn't it possible to add it to > the body of the message (instead of adding it to the URL)? > Isn't it a security risk? Anyone which will sniff the communication will able > to get the token this way, no? > What is the life span of a token? It is expired at some point? > Does the product support one-use-only tokens? > > > > Best regards, > > Tal Barak. > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
