eSign API – URL parameters will no longer be supported
Overview
esign-003-2024
Product: Scrive eSign API
Change: URL parameters are obsolete
Environment: All
Type: Mandatory, action necessary
Enforced as of: 2024-10-01
Description
The Scrive eSign API supported URL parameters. This feature will be obsolete as of 1 October 2024. It is then no longer possible to use URL parameters with the API.
This feature is removed to enhance security as well as to follow best practices and industry standards.
Additionally, utilising the body of a request instead of URL parameters comes with benefits making it more suitable for handling larger and more complex data.
Impact
If you are using the Scrive eSign API with URL parameters, you must not do so. Due to being obsolete, API requests will stop working from 1 October 2024.
Recommendation
If you are still supplying data in URL parameters today, for example like:
$ curl --location --request POST \
'https://scrive.com/api/v2/getpersonaltoken?email=youremail%40example.org&password=yourpassword'
You will need to update these requests so that data is sent via normal form parameters.
$ curl --location 'https://scrive.com/api/v2/getpersonaltoken' \
--form 'email="youremail@example.org"' \
--form 'password="yourpassword"'
This ensures that passwords and other sensitive data are not logged in plain text as a part of the URL.
Contact
If you have any further questions, feel free to reach out to Scrive Tech Support by writing an email to support@scrive.com referring to esign-003-2024.