REST standard security
https://stackoverflow.com//questions/21018526
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
https://blockchain.info/api/blockchain_wallet_api
Is it normal to essentially pass your username and password in the URL of an http.post? I'm using the blockchain.info api to send and receive bitcoin transactions on my website. Everything works, but I'm still uneasy about how their service is set up to send out payments. Seems vulnerable?
Solution
The Base URL for all requests: https://blockchain.info/fr/merchant/$guid/.
The API endpoints are available through HTTPS, so every bit of data you send there (including the URL) is encrypted and protected from man-in-the-middle attacks, I'd say this is safe enough.
OTHER TIPS
No it isn't normal, but it will be encrypted as it is sent over TLS.
Usernames and passwords in the address are usually avoided as URLs are often logged on their journey (e.g. by servers, proxies and browsers) but only systems that have a certificate trusted by your client machine can view the full URL over HTTPS (only source and destination will be exposed on the way).
