Any way we can make API tokens a one-way process?

  • Love the product and the options that it provides.

    Have one small issues I’d like to request a fix for:

    If you use some of the API options for remotely backing things up then you have to install an API access token – that token should never be revealed to others and yet in a shared admin situation that token in plainly visible.

    There is no need for that at all – once it is installed it should be treated like any other password and be behind a one-way mirror so to speak.

    Can we do that for the services that require an API access token?

    Can we at least secure the access to the keys so only the person that puts them in can view them under a single account?

    https://www.ads-software.com/extend/plugins/backwpup/

Viewing 2 replies - 1 through 2 (of 2 total)

  • I’m not sure that i really understand what you mean.

    In Version 3 BackWPup will get it’s own caption for better mangaing the acsses rights.

    Thread Starter techano

    (@techano)

    An API token is pretty much identical in function to a password.

    We keep passwords hidden – why should API tokens be plainly visible once entered?

    They should also be stored in the database encrypted just like passwords as well.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Any way we can make API tokens a one-way process?’ is closed to new replies.