Mozillians/API-Access: Difference between revisions

(Created page with "= Background = Question: How do we make API access more accessible to all Mozillians, while minimizing the risk of overexposing the personal identity information that Mozillia...")
 
Line 9: Line 9:
* As a result, some users have asked for elevated privileges -- the so-called "Corporate"-level API key.  Corporate API keys return every user profile field for every user.
* As a result, some users have asked for elevated privileges -- the so-called "Corporate"-level API key.  Corporate API keys return every user profile field for every user.
* Initially the Corporate API key was intended for a select few, but it has been granted more widely, even to users whose applications are unreviewed and running on unknown hardware.
* Initially the Corporate API key was intended for a select few, but it has been granted more widely, even to users whose applications are unreviewed and running on unknown hardware.
* Since the API was implemented, profiles have been enhanced with per-field privacy levels. Users can specify that certain fields are public or for Mozillians only. But the API doesn't expose these per-field privacy levels, so API consumers with Corporate-level access don't know which fields are public. There is certain potential for PII leakage as a result.
* In the time since the API was implemented, user profiles have been enhanced with per-field privacy levels. Users can specify that certain fields are public or for Mozillians only. But the API doesn't expose these per-field privacy levels, so API consumers with Corporate-level access don't know which fields are public. There is certain potential for PII leakage as a result.


= New proposal =
= New proposal =
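Review bot: In the reworded last bullet, the closing sentence "There is certain potential for PII leakage as a result." is still ambiguous, since "certain" can read as either "definite" or "some". Consider spelling out the mechanism the bullet already describes: a Corporate-level key returns every profile field without its per-field privacy level, so a consumer cannot tell a public field from a Mozillians-only one and may republish the latter. It would also help to say whether the proposal is to expose the privacy level in API responses or to filter fields server-side, since the bullet identifies the gap but not the intended fix.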