We're leveraging the Enterworks API for the first time and ran into a security concern. As per the Swagger, the username and password are passed as query parameters to obtain a token.
e.g. /enable-api/login?login=Username&password=Password
Normally with OAuth, the token endpoint is called with the username and password in the body, which is much more secure. Is this an option?
Similarly, once the token is obtained, the Swagger indicates the Bearer token is passed in the URL and not in the Auth section.
e.g. /webcm/rest/api/items?repositoryId=123&Authorization= BearerABCDEFGHIJK
Is the option to pass the username, password and token in the body/auth section possible?
------------------------------
Sidd Shenoy | Sr Dir Enterprise Master Data
Thomson Reuters Corporation | (646) 540-2371
------------------------------