Forum Academy Marketplace Showcase Pricing Features

Secure api call

Hi,
I’ve an API call which is in fact open - mean I’d get details of all customers from this api call.
I only can filter this by using a customerid. So my intention was do it this way.

image

I’ll use this api call display the data in a RG
image

But now I’m curios about security. I learned that I can set the customerid to private - but then the issue is that its static and can not be changed.

Any idea

any idea?

Hmmm… not sure what is the question.
Are you worried that your API returns all customer details when you want to get only a specific customer’s details?

no I’m worried about if the user is able to change the customerid to get result for an other customer.

Does your application create customers and hence customer_ids?