radi8 @radi8

the wasteofplus API (soon to be in use) is now public!

https://github.com/wasteofplus/api

Oct 20, 2023, 7:31 PM
4
View all

comments

Highlighted comment

third party backend services should not get access to wasteof user passwords/tokens. not sure if thats whats going on with wasteofplus, but it kinda looks like it.. wasteof.mobile is client side only, which is why it asking for username and password is acceptable, but no third party serverside component should ever have access to a user’s wasteof token or password.

if it makes you feel any better, apache/uvicorn logs are cleared every few hours & we don’t store tokens. if you can think of a better way that I can implement this I would be happy to do so.

atm, wasteofplus doesn't use this api btw

the emoji reactions addon (which was going to use the api) could instead just post standalone emoji replies i guess?