What would you like to improve?
Accessing media items + custom fonts always require auth to be passed as a token parameter.
Matching the standard HTTP Authorization header patterns for these paths does not introduce security concerns, and for some use cases (non-browser), the consistency simplifies usage of the API.
What's the current friction?
Some endpoints require token query parameters and others require the authorization header. Consistency helps development of third party tools.
What would make this better?
Allow both token query param & authorization headers for media / custom fonts.
Anything else? (Optional)
No response
Before Submitting
What would you like to improve?
Accessing media items + custom fonts always require auth to be passed as a
tokenparameter.Matching the standard HTTP Authorization header patterns for these paths does not introduce security concerns, and for some use cases (non-browser), the consistency simplifies usage of the API.
What's the current friction?
Some endpoints require
tokenquery parameters and others require the authorization header. Consistency helps development of third party tools.What would make this better?
Allow both token query param & authorization headers for media / custom fonts.
Anything else? (Optional)
No response
Before Submitting