Send a request URL with token

rest-api

(Omri) #1

Hello,
Can i send a request URL with a token?

For example:
https://api.pagerduty.com/oncalls?time_zone=UTC&include%5B%5D=escalation_policies&escalation_policy_ids%5B%5D=aaa&schedule_ids%5B%5D=bbb&token=ccc

When i use this command with CURL, It works great:
curl -X GET --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Authorization: Token token=ttt' 'https://api.pagerduty.com/oncalls?time_zone=UTC&include%5B%5D=escalation_policies&escalation_policy_ids%5B%5D=aaa&schedule_ids%5B%5D=bbb'

When i try to use the same command as a request URL in the browser, I get 404 error page.

Please advise.


(Jonathan Curry) #3

PagerDuty only recognizes and accepts API keys provided via the Authorization HTTP header.

Although there are some APIs out there that still allow you to provide keys right in the URL, it’s best not to do this because URL query parameters aren’t secure. URL query parameters get saved as plaintext in web server logs, and - if you test in your browser - get saved in your browser history and are accessible to all kinds of browser extensions, etc. Providing your API key in the Authorization HTTP header keeps it out of server logs, and ensures only trusted users (for shared computers) and extensions have access to your account via our API.

If you’re authenticating with other APIs using URL query parameters, I’d recommend switching to other methods whenever possible.