added

New Header Required: `X-Akahu-ID`

Beginning on the 1st of January 2021, Akahu will require all API requests to api.akahu.io that are authorised with a User Token to include a new header, `X-Akahu-ID`, with the value of your App Token.

An example of the new authorization headers is given below:

```
Authorization: Bearer user_token_11111111111111111111
X-Akahu-ID: app_token_11111111111111111111
```

Requests that do not contain this header will receive a 401 Unauthorized response.
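
A pre-deployment check for the requirement above, as an added example that is not Akahu's own code: it builds the two headers and flags outgoing requests that would be rejected. The `user_token_` prefix is taken from the example values in this notice, the request paths are constructed placeholders, and treating an empty `X-Akahu-ID` as missing is an assumption.

```python
from urllib.parse import urlsplit

AKAHU_HOST = "api.akahu.io"        # host named in the notice
USER_TOKEN_PREFIX = "user_token_"  # assumption: prefix as in the notice's example


def akahu_headers(user_token: str, app_token: str) -> dict:
    """Headers for a user-token request: both values are required."""
    if not user_token or not app_token:
        raise ValueError("user token and app token are both required")
    return {"Authorization": f"Bearer {user_token}", "X-Akahu-ID": app_token}


def will_be_rejected(url: str, headers: dict) -> bool:
    """True if the request targets api.akahu.io, is authorised with a user
    token, and has no usable X-Akahu-ID (the case the notice says gets 401)."""
    if (urlsplit(url).hostname or "").lower() != AKAHU_HOST:
        return False
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    scheme, _, cred = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not cred.strip().startswith(USER_TOKEN_PREFIX):
        return False
    # Assumption: an empty or whitespace-only value counts as missing.
    return not h.get("x-akahu-id")


def audit(outgoing: list) -> list:
    """Return the URLs of outgoing requests that still need the new header."""
    return [url for url, headers in outgoing if will_be_rejected(url, headers)]


# Constructed sample requests; tokens are the placeholder values from the notice.
USER = "user_token_11111111111111111111"
APP = "app_token_11111111111111111111"
SAMPLE = [
    ("https://api.akahu.io/example/one", akahu_headers(USER, APP)),
    ("https://api.akahu.io/example/two", {"authorization": f"Bearer {USER}"}),
    ("https://api.akahu.io/example/three",
     {"Authorization": f"Bearer {USER}", "x-akahu-id": " "}),
    ("https://example.com/health", {"Authorization": f"Bearer {USER}"}),
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("missing X-Akahu-ID:", url)
```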

Rationale

This change will enhance the security of Akahu users by making it more difficult for an attacker to take advantage of a leaked user access token.

By additionally requiring a secret token, we decrease the chance that access tokens can be used by unauthorised third parties.