Use of HTTP header for `app_key`

Hi folks, is there any way to pass app_key as a header rather than URL parameter?

The main driver for this is URLs generally not being considered sensitive - they are saved in browser history and included in library error messages, e.g. this one from Go’s net/http:

Get "<redacted>": context deadline exceeded

While there are of course ways to sanitise logs, the standard Authorization HTTP header is likely to be treated with more care by default.


Hi @gebn

You can indeed pass your app_key as a header

As shown in the above postman call.

Many thanks,