Authentication Security Best Practices
api-keys-in-header
Guidance
Your API accepts API keys sent in cleartext in a header over an unencrypted channel. Attackers can easily intercept
API calls and retrieve the credentials. They can then use the credentials to make other API calls.
Applies to Operation
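
One way to check for the condition described in the guidance, shown as an added example that is not part of the original page. It assumes the API is described by an OpenAPI 3.x definition already parsed into a dict; the function names and the sample definition are constructed for illustration.

```python
# Added example: flag operations that accept a header API key over plain HTTP.
# Assumption: the API is described by an OpenAPI 3.x document parsed into a dict.

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def cleartext_servers(*server_lists):
    """Return http:// URLs from the most specific non-empty servers list."""
    for servers in server_lists:
        if servers:
            return [s["url"] for s in servers
                    if s.get("url", "").lower().startswith("http://")]
    return []

def find_cleartext_api_keys(spec):
    """List (METHOD, path, scheme names, http URLs) for each affected operation."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    header_keys = {name for name, s in schemes.items()
                   if s.get("type") == "apiKey" and s.get("in") == "header"}
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "servers" or "parameters"
            # Operation-level security overrides the global requirement.
            security = op.get("security", spec.get("security", []))
            used = sorted({n for req in security for n in req} & header_keys)
            urls = cleartext_servers(op.get("servers"), item.get("servers"),
                                     spec.get("servers"))
            if used and urls:
                findings.append((method.upper(), path, used, urls))
    return findings

# Constructed sample definition (not from any real API).
SAMPLE = {
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.test/v1"}],
    "components": {"securitySchemes": {
        "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
    "security": [{"ApiKeyAuth": []}],
    "paths": {
        "/orders": {"get": {"responses": {"200": {"description": "ok"}}}},
        "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
        "/admin": {"servers": [{"url": "https://api.example.test/v1"}],
                   "get": {"responses": {"200": {"description": "ok"}}}},
    },
}

if __name__ == "__main__":
    for method, path, keys, urls in find_cleartext_api_keys(SAMPLE):
        print(f"{method} {path}: {keys} sent in cleartext via {urls}")
```

In the sample, only `GET /orders` is reported: `/health` opts out of the key with an empty `security` list, and `/admin` overrides the server with an `https://` URL.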