New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request with invalid token_auth responds 200 OK #18055
Comments
Hi @MrIsak |
This one we might want to do in Matomo 5.0 just because it's kind of a breaking change. We're using some of these URLs with invalid token in some monitoring tools ourselves and we'd get paged if there's a change and it's no longer HTTP 2XX. It could also cause issues potentially with the Matomo Mobile app and possibly other apps etc when someone is trying to log in with wrong username/password. |
Hi guys, Is there any case the API would respond status != 200? So far I've only seen 200s and the only indication that an error has occurred can be found in the response body (result = "error"). |
Needs to be included in the developer changelog as well in case anyone is using an invalid token in the monitoring tool. |
When sending requests against the API module with a non existing token, the HTTP response should be 403. Not 200.
Expected Behavior
When sending a request with a non existing token, response code should be 403
Current Behavior
Response code is 200
Steps to Reproduce (for Bugs)
curl -ik 'https://matomo.example.com/index.php?module=API&method=API.getMatomoVersion&token_auth=I_DONT_EXIST'
Your Environment
The text was updated successfully, but these errors were encountered: