Re: Re: Rest API v.2 developer credentials
Aldevinas Katkus
10-17-17
Thanks for the answer. One more question:
is there any CSRF protection implemented in the Rest API?
The CSRF (Cross Site Request Forgery) problem with OAuth is described here https://security.stackexchange.com/a/57886
It looks like the 'state' param is not sent back to the redirect_url. Quote
"The authorization code is issued and sent back to the client in your session along with the state parameter"
I was testing OAuth with this http://oauth2-client.thephpleague.com/usage/
Reply
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Latest Posts
qupdating collisions
Paul Timms
I've found an issue which I'm trying to find the best way to resolve. An integrated proof of delivery system sends two pieces of data to the SERP API, in two separate calls - let's c...
17:59 20 Feb 2026
Optional Features > Idle Client Timeout
Andis Blicāns, Grasko
There are some topics in this Q&A related to this question, but none of them is about Idle users - Concurrent or Named. If timeout minutes are specified in Optional Features, then all idle users are...
15:53 18 Feb 2026