Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

SECURITY THREAT

General Discussion

1

2

10

Log in to reply

T
tsingh Dec 20, 2022, 1:41 PM last edited by

the order feedback and market feeds websocket APIs are not secure
they are accepting jwt token and API-keys in request URL.

This is highly vulnerable. Any middleware can read URL context path and query params as they are not encrypted.

Kindly upgrade the APIs for better security
https://smartapi.angelbroking.com/docs/WebSocketOrderStatus

clientId - T185904
Reply Quote 0
1 Reply Last reply
T
tsingh Dec 20, 2022, 3:54 PM last edited by

Please go through this article to find all the reasons why we should not pass sensitive information in query params

https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
Reply Quote 1
1 Reply Last reply

1 out of 2

1 / 1