Hi,
I am building a script to run which makes a series of API calls to configure 50+ projects supporting multiple environments using a CI-CD pipeline. The first step is to exchange an API token for a bearer/access token following the documented instructions. This and additional steps has been successful.
https://api.platform.sh/docs/#section/Authentication/OAuth2
curl -u platform-api-user: \
-d 'grant_type=api_token&api_token=**API_TOKEN**' \
https://auth.api.platform.sh/oauth2/token
The example CURL request includes required basic auth credentials of “platform-api-user:” with each request – a username but no password. Since this server appears to be shared across multiple customer, I would think this would not be configurable by anyone other than someone at Platform.sh. There may be unknown reasons to me but the amount of protection on this URL using basic auth seems small since the solution is openly documented.
Q: Any assurances that these basic auth will not change or should I make a support request for a private pair?
AdvThanksance!!!