Hi, just wanna confirm if this is by design.

So I see an API to retrieve the entire Pastebin of a given account. Assuming the token is for the user, I observe the following:

- If a bearer token is passed, all (including unlisted) pastes will be shown;
- If no token is passed, only "listed" (I interpret this as "public") pastes are shown.

Then there is another API for retrieving a specific paste. If the paste is "public", whether or not a token is passed, it'll be returned. This makes sense. But if the paste is unlisted (is it equivalent to private?), not passing a token will still get it.

Is this by design?

- If it is, it's a little bit weird since the "list all" API is access controlled but "getting one paste" is not. (Though it still makes sense, since pastebin is by nature a somewhat "public" service. Do we need to consider removing the ACL on the "list all" API?)
- If it is not, I'll need to file a bug?
It’s by design, yes. Everyone can access any paste if they know the paste name, whether via the web interface or the API. And if you know a person’s address, you can view their listed pastes — again, via the web or the API. But the only way to view a full list of all pastes (including unlisted ones) for an address is to either be logged into the web interface or use an API key. With this design, access to information is consistent across web UI and API.
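The access rules described in the reply, modelled in memory as an added example (not code from the service or from either poster). The class and function names, the sample pastes and the 64-bit threshold are assumptions; the model shows that an unlisted paste is protected only by how hard its name is to guess, and flags unlisted names that are too short to serve as a secret.

```python
import math
import secrets
import string
from dataclasses import dataclass, field

@dataclass
class Paste:
    name: str
    content: str
    listed: bool

@dataclass
class PasteStore:
    """Hypothetical in-memory model of one address's pastes."""
    owner_token: str
    pastes: dict = field(default_factory=dict)

    def add(self, paste):
        self.pastes[paste.name] = paste

    def list_pastes(self, token=None):
        # Listing: unlisted pastes appear only for the authenticated owner.
        is_owner = token is not None and secrets.compare_digest(
            token.encode(), self.owner_token.encode())
        return sorted(n for n, p in self.pastes.items() if p.listed or is_owner)

    def get_paste(self, name, token=None):
        # Fetch by name: the token is ignored, so the name is the only secret.
        paste = self.pastes.get(name)
        return paste.content if paste else None

def name_entropy_bits(name):
    """Upper bound on guessing cost, assuming uniformly random characters."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "-_")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in name))
    return len(name) * math.log2(alphabet) if alphabet else 0.0

def weak_unlisted_names(store, min_bits=64):
    """Unlisted pastes whose names could plausibly be guessed (assumed threshold)."""
    return sorted(n for n, p in store.pastes.items()
                  if not p.listed and name_entropy_bits(n) < min_bits)

def build_sample_store():
    # Constructed sample data, not taken from any real account.
    store = PasteStore(owner_token="constructed-token")
    store.add(Paste("about", "hello", listed=True))
    store.add(Paste("notes", "draft", listed=False))
    store.add(Paste(secrets.token_urlsafe(16), "api notes", listed=False))
    return store
```

The entropy figure is an upper bound: a human-chosen name is easier to guess than its length suggests, so anything flagged here should not hold content that must stay private.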