I'm a little concerned regarding security though as the api key seems to be stored in clear-text in the db currently. This seems like a huge attack vector for malicious users as dumping that table would mean you get programmatic access to all user accounts.
This is great! Good job!
I'm a little concerned regarding security though as the api key seems to be stored in clear-text in the db currently. This seems like a huge attack vector for malicious users as dumping that table would mean you get programmatic access to all user accounts.
Not all, those who have signed in. You can always use the dev API on your own. That's what I prefer.