The IESG has received a request from the Building Blocks for HTTP APIs WG (httpapi) to consider the following document: - 'API Keys and Privacy' <draft-ietf-httpapi-privacy-04.txt> as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2026-03-12. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Redirecting HTTP requests to HTTPS, a common pattern for human-facing web resources, can be an anti-pattern for authenticated HTTP API traffic. This document discusses the pitfalls and makes deployment recommendations for authenticated HTTP APIs. It does not specify a protocol. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-httpapi-privacy/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
