SECURITY THREAT
-
The order feedback and market feeds WebSocket APIs are not secure.
They accept JWT tokens and API keys in the request URL. This is highly vulnerable. Any middleware can read the URL context path and query params as they are not encrypted.
Kindly upgrade the APIs for better security.
https://smartapi.angelbroking.com/docs/WebSocketOrderStatus
clientId - T185904
-
Please go through this article to find all the reasons why we should not pass sensitive information in query params
https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
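An added example, not part of the original posts and not the API provider's code: request URLs, query string included, are commonly written to server and proxy access logs, so a defender can scan those logs for WebSocket handshakes that carry credentials and redact them. The path `/ws/orders`, the parameter names `jwttoken`, `apikey` and `clientcode`, and all log lines are constructed assumptions; the page does not give the real ones.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the page does not list the API's actual ones.
SENSITIVE_PARAMS = {"jwttoken", "apikey", "token", "access_token"}
# JWT shape: three base64url segments, header begins "eyJ" (encoded '{"').
JWT_RE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
# Request line as found in common/combined access log format.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted request target, names of the parameters redacted)."""
    parts = urlsplit(target)
    hits, clean = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Flag by parameter name, and by value shape so a JWT passed
        # under an unexpected name is still caught.
        if name.lower() in SENSITIVE_PARAMS or JWT_RE.match(value):
            hits.append(name)
            value = "REDACTED"
        clean.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), hits

def scrub_line(line):
    """Redact credentials in one access log line; return (line, hits)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    redacted, hits = redact_target(m.group("target"))
    return line[:m.start("target")] + redacted + line[m.end("target"):], hits

# Constructed sample data: a fake JWT and three fake access log lines.
JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:09:15:00 +0000] "GET /ws/orders?jwttoken='
    + JWT + '&clientcode=DEMO01&apikey=k3yDEMO HTTP/1.1" 101 0',
    '203.0.113.7 - - [01/Jan/2024:09:15:02 +0000] "GET /ws/feed?session='
    + JWT + ' HTTP/1.1" 101 0',
    '203.0.113.9 - - [01/Jan/2024:09:16:10 +0000] "GET /docs/index.html?page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        scrubbed, hits = scrub_line(raw)
        print(("LEAK " + ",".join(hits)) if hits else "ok", "|", scrubbed)
```
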