Using login-tokens webapi

Marc Daverat shared this question 37 days ago
Answered

Hi team,

Having a look at https://developers.yellowfinbi.com/dev/api-docs/yf-api.html#operation/createLoginTokenRPC to embed some dashboard in an external application, it seems that credentials for admin user as well as end user are sent without encryption.

This means that we have to store the admin / user password on the application side, which may be a security issue for our customer.

Any hint to secure this?

Thanks,

Kind regards,

Marc

Comments (4)


Hi Marc,

I hope all is well,

I have informed our Security Team so that they can investigate this further. I hope this is ok and expect a reply very soon.

Regards,

Mark


Hi Marc,

Apologies for the delay with this, I will question this again with our team. I hope this is ok.

Regards,

Mark


Thanks Mark. In fact we are facing this question on a customer project, so I'm going to open a private ticket.


Hi Marc,

Thank you for the update. I will mark this as Completed so that we can continue in the ticket created.

Regards,

Mark