API Authentication Security Improvement

As per the API authentication guide here - https://developer.domo.com/portal/1845fc11bbe5d-api-authentication

The first step to get access to Domo APIs is to generate a ClientId/Secret and then make a request to get an access token. This request is of type "Basic Auth", where the client credentials (ClientId/Secret) are passed as a base64-encoded string. Since these creds act like a username/password, sending them as just base64 encoded over HTTPS is secure but not the best form of security, as they can easily be decoded.

The ask is to update this method to send client creds in the body of a POST request to make them more secure and true OAuth (i.e. no use of Basic Auth at all).

Reference - https://medium.com/%40satokenta940/the-advantages-of-oauth-over-basic-authentication-d2d4aaa9c65d

2 votes
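
The two ways of presenting client credentials discussed in this post, as an added Python example that is not part of the original post or Domo's own code: it builds the token request with the credentials in the Authorization header and in the POST body (both forms as described in RFC 6749 section 2.3.1) and shows what a reader of the plaintext request recovers from each. The client ID and secret are constructed sample values, and no request is sent.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed sample values, not real credentials.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "s3cr3t/with:colon"
FORM = "application/x-www-form-urlencoded"


def basic_auth_request(client_id, client_secret):
    """Token request with the credentials in the Authorization header."""
    # Each part is form-urlencoded first, so a ':' inside the secret
    # cannot be confused with the id/secret separator.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    token = base64.b64encode(pair.encode()).decode()
    return {
        "headers": {"Authorization": f"Basic {token}", "Content-Type": FORM},
        "body": urlencode({"grant_type": "client_credentials"}),
    }


def body_request(client_id, client_secret):
    """Token request with the credentials as form fields in the POST body."""
    fields = {"grant_type": "client_credentials",
              "client_id": client_id, "client_secret": client_secret}
    return {"headers": {"Content-Type": FORM}, "body": urlencode(fields)}


def recover_credentials(request):
    """What anything that sees the plaintext request (after TLS) can read."""
    auth = request["headers"].get("Authorization", "")
    if auth.startswith("Basic "):
        decoded = base64.b64decode(auth[len("Basic "):]).decode()
        cid, _, secret = decoded.partition(":")
        return unquote_plus(cid), unquote_plus(secret)
    form = parse_qs(request["body"])
    if "client_id" in form and "client_secret" in form:
        return form["client_id"][0], form["client_secret"][0]
    return None


if __name__ == "__main__":
    for build in (basic_auth_request, body_request):
        req = build(CLIENT_ID, CLIENT_SECRET)
        print(build.__name__, "->", recover_credentials(req))
```

Log and proxy redaction rules therefore need to cover both the Authorization header and the form body, whichever form the client uses.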