As I understand it correctly on Service Desk API for Developers | Freshservice freshworks provides an API which uses some sort of API key.
But after testing it in Postman I see that the API is only using Basic Authentication as a security.
This means if someone knows our URL he can then iterate through API keys and always use a random password as this is not required. This seems to be insecure…
When will FreshWorks implement more secure API Authentication with OAuth 2.0 or/and bearer tokens?