Forum Discussion

Ace

7 years ago

GDPR personal_data resource only available on Lithium Studio API Browser

I'm trying to develop a custom endpoint at Lithium Studio, for exposing GDPR functionality described at GDPR Community API support. The query at API browser looks like this: SELECT personal_data FR...

luk

Boss

7 years ago

iarriola Just a remark: What the above code does, is extremely dangerous...do you realize that because you use restadmin() and a USER-DEFINABLE $_GET parameter "userId", that ANYBODY could get the personal_data of any other user, not just himself...

In other words: restadmin() elevates anybody to Admin level in terms of API permissions, and you allow the user to specify the ID of the user to query personal_data about...

I would say, be happy it returns an empty object for now =)!

Forum Discussion

GDPR personal_data resource only available on Lithium Studio API Browser

Related Content

Community REST-API: Get all tags available

CMAD Resources You Can Use

Components Available for TKB Card Article

Help Has Arrived: Agent Assist is Now Available

Is a Studio cheat sheet available?

Recent Discussions

How to fetch all labels associated with TkbArticlePage and count how many times each label is used

In Aurora, add additional <script> and <meta> tags

Setup content filter for arabic language

24.10 API change breaks navigation

How to create/subscribe the Webhook in Aurora