You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 13, 2020. It is now read-only.
Right now, if you have a copy of Postman, you can get any data from any of the API endpoints, regardless of whether or not you should access that data.
We need to lock down the API so that:
Only authenticated, authorized users can request data
Users only see the data they are authorized to see. For example, a property manager should not be able to request data on a tenant that does not live on one of their properties.
The text was updated successfully, but these errors were encountered:
Right now, if you have a copy of Postman, you can get any data from any of the API endpoints, regardless of whether or not you should access that data.
We need to lock down the API so that:
The text was updated successfully, but these errors were encountered: