Re: Re: Rest API v.2 developer credentials
Aldevinas Katkus
10-17-17
Thanks for the answer. One more question:
is there any CSRF protection implemented in the Rest API?
The CSRF (Cross Site Request Forgery) problem with OAuth is described here https://security.stackexchange.com/a/57886
It looks like the 'state' param is not sent back to the redirect_url. Quote
"The authorization code is issued and sent back to the client in your session along with the state parameter"
I was testing OAuth with this http://oauth2-client.thephpleague.com/usage/
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Latest Posts
Lilian Wanyoike
Hi, We have a customer who creates on account receipts against a customer account. Another team is required to allocate these receipts to specific invoice records. Prepayments will not work as t...
15:49 6 Oct 2025
Piotr Wycichowski
Hi! I am not able to run SERP client on Mac (Sonoma), when the folder is outside of Applications. When and why it happens? I know, that some users with the same system haven't such problem. ...
14:54 19 Sep 2025