Secure api call

fok_ste · September 28, 2021, 2:24pm

Hi,
I’ve an API call which is in fact open - mean I’d get details of all customers from this api call.
I only can filter this by using a customerid. So my intention was do it this way.

I’ll use this api call display the data in a RG

But now I’m curios about security. I learned that I can set the customerid to private - but then the issue is that its static and can not be changed.

Any idea

fok_ste · September 29, 2021, 5:53am

any idea?

spongebob · September 29, 2021, 7:15am

Hmmm… not sure what is the question.
Are you worried that your API returns all customer details when you want to get only a specific customer’s details?

fok_ste · September 29, 2021, 8:03am

no I’m worried about if the user is able to change the customerid to get result for an other customer.

spongebob · October 1, 2021, 9:54pm

Does your application create customers and hence customer_ids?