Retrieve author information through API-Key
complete
Sharedien Documenter
When you use the knowledge base assistant, then the exposed api key can be used to retrieve all information regarding the authors
e.g.
curl --request GET "https://apihub.document360.io/v2/teams" --header "api_token: OBBt3Wo9S/fCC3ioJTusteo558ZVbkSNwHU2wb7p95oLG7olxF2OhSkOLk0Ra1ZxSxJeQCegEVtrcC/I8byhTJUqu4EQf0rl8zPOzufIFt6ngqeFTfi9aHLj0b/YIW145z+Vkqvt0LnrmVCFQ7PSFg=="
Response will return the user_id, first_name, last_name, email_id, profile_logo_url, last_login, portal_role etc. of all users in document360
We seen this as a heavy security breach, which needs to be fixed
Log In
D
Document360 Support
complete
Since there has been no response, we are marking this item as "Complete".
D
Document360 Support
Sharedien Jakob Shaunna : As you have observed, we have implemented the JWT authentication for better security.
Please find the details at: https://docs.document360.com/docs/managing-the-knowledge-base-widget#securing-knowledge-base-widget-authentication-using-jwt
Hope this helps. Please reach us for any queries. Thank you!
Mohamed Shakheen
under review