Using API token in the http header instead of query string

The following document shows that the api_token need to pass through query string, however, query string isn’t encrypted even using https connection, hence, it exposed to MITM attack.

I would like to check is there any option to use the api_token in the HTTP headers?


Hello, @jerry.ho and welcome to the community! :wave:

We do not have an option of supplying the api_token inside the header. In this case, we suggest using OAuth instead :slight_smile:


The OAuth seems like available for marketplace developer only? How do i use it for my own account only?