I assume the `planId` should be treated as a shared secret btw client and server. If client A gets hold of the planId for another client B, client A can access data files generated/targeted for client B.
Or the server is expected to validate that the planId was meant for the correct client? On Tue, Nov 11, 2025 at 9:55 PM Jean-Baptiste Onofré <[email protected]> wrote: > +1 > > It sounds good to me as it can help the server with context. > > Regards > JB > > On Fri, Nov 7, 2025 at 7:49 AM Eduard Tudenhöfner > <[email protected]> wrote: > > > > Hey everyone, > > > > I'm proposing to add the planId from server-side scan planning as a > query param to the /credentials endpoint. > > This is needed so that the server has some additional context when > credentials are refreshed with server-side scan planning. > > > > The proposed OpenAPI changes can be seen in #14519. > > > > Looking forward to your thoughts and feedback. > > > > Thanks, > > Eduard >
