Question: Authentication via API_TOKEN #219
What is the reason behind using authentication (via API_TOKEN) ONLY for the "/api/v1/cars/:CarID/command/:Command", "/api/v1/cars/:CarID/wake_up", and "/api/v1/cars/:CarID/logging/:Command" endpoints? It looks misleading. I expected that all endpoints would be protected after briefly reading the documentation, but it turned out that they were not.
Replies: 1 comment
Hi @Iamcerba,
The reason for this is that the API_TOKEN was implemented to only add a layer in front of things you can do in the API (e.g. commands). It could actually be reasonable to add that to the overall endpoints to protect the entire set of endpoints.
In the security information section of the readme we also mention that you should have a protective layer in front of the TeslaMateApi container (similar to TeslaMate) to protect your data.
Kind regards,
Tobias
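The scoping discussed in this thread, as an added example that is not TeslaMateApi's own code: one token check applied either to the three routes named in the question or to every route, so the difference for an unauthenticated read is visible. The `Authorization: Bearer` header format, the token value, the `status` read path and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// needsToken reports whether path is one of the three routes named in the question.
func needsToken(path string) bool {
	parts := strings.Split(strings.TrimPrefix(path, "/api/v1/cars/"), "/")
	if !strings.HasPrefix(path, "/api/v1/cars/") || len(parts) < 2 {
		return false
	}
	a := parts[1] // parts[0] is the CarID
	return (len(parts) == 3 && (a == "command" || a == "logging")) || (len(parts) == 2 && a == "wake_up")
}

// guard checks a bearer token (the header format is an assumption of this example).
// protectAll=false gates only needsToken routes; true gates every route.
func guard(token string, protectAll bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		got := strings.TrimPrefix(h, "Bearer ")
		bad := got == h || token == "" || subtle.ConstantTimeCompare([]byte(got), []byte(token)) != 1
		if (protectAll || needsToken(r.URL.Path)) && bad {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// stub stands in for the real handlers: every route answers 200 (constructed).
var stub = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })

// probe sends a GET with the given Authorization header value and returns the status code.
func probe(h http.Handler, path, auth string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	sel, all := guard("constructed-token", false, stub), guard("constructed-token", true, stub)
	fmt.Println(probe(sel, "/api/v1/cars/1/status", ""), probe(all, "/api/v1/cars/1/status", ""))
}
```

With the selective scope, the read path answers without any token while the command, wake_up and logging routes reject the same request; that gap is what the protective layer in front of the container has to cover.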