Hacker News

jeremyccrane yesterday at 8:08 PM

In the user interface for Railway, all destructive actions require multiple confirmations, plus typing "apply destructive changes". Why would an API key (regardless of its scope) be able to delete without confirmation?


Replies

lelanthran yesterday at 8:49 PM

> Why would an API key (regardless of its scope) be able to delete without confirmation?

What do you think an API is for? There's no user sitting at the keyboard when an API is called so where would that confirmation come from? It can't come from the user because there is no user.

fetzu yesterday at 8:19 PM

Isn’t the point of an API to have two computers talk to each other? As in “if I want safeguards for humans, it would be my responsibility to put them BEFORE calling that API”?

lelanthran yesterday at 8:16 PM

> Why would an API key (regardless of its scope) be able to delete without confirmation?

How do you see this working? Any confirmation would be given by the agent.

jbxntuehineoh yesterday at 8:41 PM

... because that's how every other cloud provider API works? The AWS console makes you confirm before deleting a bucket; DeleteBucket does not.