added
New Header Required: `X-Akahu-ID`
over 4 years ago by Oliver Fawcett
Beginning on the 1st of January 2021, Akahu will require all API requests to `api.akahu.io` that are authorised with a User Token to include a new header, `X-Akahu-ID`, with the value of your App Token.
An example of the new authorization headers is given below:
```
Authorization: Bearer user_token_11111111111111111111
X-Akahu-ID: app_token_11111111111111111111
```
Requests that do not contain this header will receive a `401 Unauthorized` response.
Rationale
This change will enhance the security of Akahu users by making it more difficult for an attacker to take advantage of a leaked user access token.
By adding the requirement of a secret token, we decrease the chance that access tokens can be used by unauthorised third parties.
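A client-side sketch of the header rule and the rationale above, added here as an illustration and not Akahu's own code: it builds the header pair, flags a User Token request that would get the `401` for lacking `X-Akahu-ID`, and masks both tokens before they reach a log. The function names are hypothetical, and the `user_token_` / `app_token_` prefixes are assumed from the sample values on this page.

```python
# Added example, not Akahu's code. Function names are hypothetical.
# Assumption: real tokens carry the prefixes seen in the page's sample values.
USER_PREFIX = "user_token_"
APP_PREFIX = "app_token_"
SENSITIVE = {"authorization", "x-akahu-id"}


def akahu_headers(user_token, app_token):
    """Build the header pair for a request authorised with a User Token."""
    # Catch swapped or missing tokens locally instead of discovering it as a 401.
    if not user_token.startswith(USER_PREFIX):
        raise ValueError("Authorization must carry a User Token")
    if not app_token.startswith(APP_PREFIX):
        raise ValueError("X-Akahu-ID must carry the App Token")
    return {"Authorization": f"Bearer {user_token}", "X-Akahu-ID": app_token}


def would_get_401(headers):
    """Model of the stated rule only: User Token present, X-Akahu-ID absent."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    uses_user_token = h.get("authorization", "").startswith("Bearer " + USER_PREFIX)
    return uses_user_token and not h.get("x-akahu-id")


def redact(headers):
    """Copy of the headers that is safe to log: both token values are masked."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample values, matching the placeholders shown on the page.
    good = akahu_headers("user_token_11111111111111111111",
                         "app_token_11111111111111111111")
    legacy = {"Authorization": "Bearer user_token_11111111111111111111"}
    print("new-style request rejected:", would_get_401(good))
    print("legacy request rejected:   ", would_get_401(legacy))
    print("log line:", redact({**good, "Accept": "application/json"}))
```

Running `would_get_401` over the headers an existing integration actually sends is a quick way to find call sites that still use only the `Authorization` header.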