WebLink's Public REST API (https://developers.weblinkconnect.com) previously contained two endpoints that allowed the passing of plain text passwords from a third party login widget to validate a profile or user by comparing the password in the parameter to the password value in the database. As of March 2019, the WebLink software no longer supports plain text passwords and this authentication method is no longer valid.
With the May software update, any requests made to the /security/authenticateprofile or /security/authenticateuser endpoints will be deprecated and return a 410 response ("gone"), indicating that route has been removed.
To properly authenticate profiles through WebLink's API, third parties should use our current authorization workflow using OAuth 2.0 standards, documented here: http://developers.weblinkconnect.com/api-v1/api-authorization#Hybrid.
Please sign in to leave a comment.