We have self hosted redash which we are trying to use in our own application. there are two ways to access API from our application :
Approach #1. GET ‘https://selfhostedredash.in.mydomain.com/api/queries?api_key=xxxxxxxxxxxxx’
Approach #2. GET --header ‘Accept: application/json’ --header 'Authorization: Key xxxxxxxxx’ ‘https://selfhostedredash.in.mydomain.com/api/queries’
My developers raise concern is the way it has been used in case #1 (which is default with redash), we are putting sensitive information in the URL, i believe api_key is sensitive information.
Approach #2 required customisation i believe in redash codebase, please correct me if i am wrong here.
Please help me to finalise the way API could be used.
Thanks in advance