Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

SECURITY THREAT

General Discussion

0

2

10

Log in to reply

T
tsingh last edited by

the order feedback and market feeds websocket APIs are not secure
they are accepting jwt token and API-keys in request URL.

This is highly vulnerable. Any middleware can read URL context path and query params as they are not encrypted.

Kindly upgrade the APIs for better security
https://smartapi.angelbroking.com/docs/WebSocketOrderStatus

clientId - T185904
1 Reply Last reply
Reply Quote 0
T
tsingh last edited by

Please go through this article to find all the reasons why we should not pass sensitive information in query params

https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
1 Reply Last reply
Reply Quote 1

1 / 1