Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

HipChat API auth token

Annie1
Annie December 5, 2013

Hi,

I was having a look at the HipChat API and saw that to create a new room, all I need to do is POST the following request:

https://api.hipchat.com/v2/room?auth_token=mytoken

I was just wondering, is this secure? What's to stop someone from seeing this request (in Chrome dev tools or whatever), taking my auth_token and using it to do whatever they like to my HipChat instance?

I'm a little worried about using this API and exposing my HipChat instance.

Thanks.

Answer
Watch
Like Be the first to like this
618 views

1 answer

0 votes
GarretA
GarretA December 5, 2013

You wouldn't want to make calls to an API like this from inside JavaScript where someone could see them being made. You should make them from your backend where the auth token is only visible to you.

Reply

Suggest an answer

Log in or Sign up to answer
Hipchat
Hipchat
TAGS
AUG Leaders

Atlassian Community Events

    See all events