Quote Originally Posted by DA_MAN View Post
Well, I'd be all about a real API implementation.

I am also all about working with companies and individuals on ALPHA's, BETA's or RC's - it is for EVERYONE's benefit; I've done it for many years.

Sending UN and PW data (and the arguments themselves) via a URL is such a security issue to the customer base, I am shocked at who suggested, posted and implemented it.

What you have put in place here with little effort would allow a person to break every single customer's service that has enabled the API feature. Does that sound intelligent? ---> I surely do not think so... (But what do I know? Only have 30 years at this. )

I could write a 100 pages here how this could be done differently and safely on VOIPo's system, but I would hope the folks at VOIPo (should) know this. If they do not, they need hire those that do.

I know, this sounds offensive, it is not meant that way; but, sit back and look at the exploit you have implemented with this API, done in a fashion that should have been week one in db, server, C-Panel, V-Panel learning as a NO-NO-NO situation - (Hell, computers 101...) Plenty have repeatedly offered alternatives and there are a myriad of others out there, most just as easy or easier to set up on your servers at VOIPo as how it has been.

Let us all know when this is migrated away from passing our sensitive data via plain-text for all to see and tamper with, I will happily develop with the API at that juncture...

Happy New Year everyone and may you spend it among family, friends and loved ones.
I think this is a bit of a stretch. The only accounts at any risk are the ones who enable api and I dont think the api option is listed in vpanel anymore. I know last time I checked you could still get there if you know the url but 98% of customers probably do not even know it exists. It was a test and there is room for improvement. I am sure thats why its not considered beta.