It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

HipChat API auth token

Hi,

I was having a look at the HipChat API and saw that to create a new room, all I need to do is POST the following request:

https://api.hipchat.com/v2/room?auth_token=mytoken

I was just wondering, is this secure? What's to stop someone from seeing this request (in Chrome dev tools or whatever), taking my auth_token and using it to do whatever they like to my HipChat instance?

I'm a little worried about using this API and exposing my HipChat instance.

Thanks.

1 answer

You wouldn't want to make calls to an API like this from inside JavaScript where someone could see them being made. You should make them from your backend where the auth token is only visible to you.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Hipchat

Hipchat Cloud and Stride have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

35,201 views 9 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you