Create Password Protected Download via an API

Question

Hello,

I would like to use the API of socisurvey together with R to create automated reports.

As I understand from: https://www.soscisurvey.de/help/doku.php/en:results:data-api there is no password protection of the API Link created here.

My question(s):
a) Is there a possibility to password protect the acces to my data via the API?
b) If threre is not such a possibility: Can you describe a bit how safe the use of such API links is compared to a password protection (e.g. How probable is it, that a third person (e.g. a hacker) may find those links?)?

Kind regards and thank you!

Answer 1

there is no password protection of the API Link created here.

The API link is/contains the password. Using a second password would only increase security so far that the password becomes longer. Yet, the length should be sufficient already.

How probable is it, that a third person (e.g. a hacker) may find those links?

The probability is very much the same like finding a password. Actually, the risk is a bit lower, because the automated generation of the links does not allow for easy-to-guess passwords ;)

However, if you have a trojan on your PC (what hackers usually use to infiltrate computers and companies), a link and a password are equally insecure. You would need a two-factor-auth with a hardware key then. But given an infiltrated PC, even that would be of limited value, as the attacker would still be able to download any data via the infiltrated system.

Wyh am I telling that? Hacking the URL is by far not the weakest element in the chain. If your data is hacked, you can be quite sure, that it was not the URL that was hacked.

Comments

Thank you for the swift answer! This is exactly what I wanted to know!