I am a newbie to this forum, i had wanted to post this thread under "Development".
I have started to look into coinbase api, and i found this key authentication URL format:
https://coinbase.com/api/v1/account/balance?api_key=YOUR_API_KEYIs this good practice? the API_KEY will grant caller privilege to buy, sell, and send payment, which means
anyone who know it can empty your bitcoins, as well as your bank account linked to it? (thankfully up to
the daily buy limit imposed by coinbase). I am afraid this URL can get sniffed, or stored in some logs
on the server side. I want to get some opinions with security experts out there, and if warranted, i will
ask coinbase to disable people from doing that. I have heard on Reddit that some ppl have already lost
bitcoins and $$ from mishandling this Key. Passing it as part of URL is probably a big way to expose it
to the world.
