Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

  • Ben January 2013
Subscribe & unsubscribe API
  • Vote Up0Vote Down BasukeBasuke
    Posts: 2Sendy user

    According to the document, anyone can call subscribe and unsubscribe api without no restriction. People who knows the installation url, which can be any subscribers because there are so many hint in the mail, it is possible to hit the api and add any email address to the server.

    I think it should be protected by default and warned to the Sendy users more.

  • 1 Comment
  • Vote Up0Vote Down BenBen
    Posts: 3,667Sendy support

    Hi @Basuke,

    The subscribe API and subscribe form HTML code does basically the same thing, just in a different way.

    For example, when you have a subscribe form on your website, anyone can subscribe to it as well.

    So it's just a redundant additional step to pass in your API key when using the API. Moreoever, you need to know what is the encrypted list ID in order to subscribe to any list.

    The rest of the API does requires an API key.



This discussion has been closed.
All Discussions