Beginning on the 1st of January 2021, Akahu will require all API requests to
api.akahu.io that are authorised with a User Token to include a new header,
X-Akahu-ID with the value of your App Token.
An example of the new authorization headers is given below:
Authorization: Bearer user_token_11111111111111111111 X-Akahu-ID: app_token_11111111111111111111
Requests that do not contain this header will receive a
401 Unauthorized response.
This change will enhance the security of Akahu users by making it more difficult for an attacker to take advantage of a leaked user access token.
By adding the additional requirement of a secret token, we decrease the chance that access tokens can be used by unauthorised third parties.