I was forking the “Microsoft Graph” collection on Postman recently, following the “Use Postman with the Microsoft Graph API” article.
Instead of clicking the link provided in the article, I made a quick search from the Postman app directly.
I could not believe my eyes…
I got a lot of results…
What’s so shocking about it?
It means that a lot of people have forked the collection into a public workspace. Most of these public workspaces also contain (publicly available) environments, which are used to store all the details needed to authenticate: tenant ID, client ID and client secret.
I am not sure it’s a great idea. 🙈
Please don’t do it.
Please ask your colleagues not to do it.
You may think nobody cares and nobody will notice, but… I did notice. And it’s not my job to hack people. But there are companies who do it for a living, professionally, and chances are they do pay close attention to our actions.
Don’t make their life so easy.
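A simple pre-share check, added here as an example (not part of the original post or of the Microsoft Graph collection): it parses a Postman environment export and reports every credential-like variable that still carries a value. The variable names `TenantID`, `ClientID` and `ClientSecret` are assumed to be the ones the collection expects; the sample environment is constructed with placeholder values.

```python
import json
import re

# Variable names that should never travel with a public workspace.
# TenantID/ClientID/ClientSecret are the names assumed for the Graph collection;
# the pattern also catches generic secret-like keys (password, token, ...).
CREDENTIAL_KEY = re.compile(r"(secret|password|token|tenantid|clientid)", re.IGNORECASE)

# Constructed sample of a Postman environment export; all values are placeholders.
SAMPLE_ENVIRONMENT = json.dumps({
    "name": "Graph-dev",
    "_postman_variable_scope": "environment",
    "values": [
        {"key": "TenantID", "value": "00000000-0000-0000-0000-000000000000", "enabled": True, "type": "default"},
        {"key": "ClientID", "value": "11111111-1111-1111-1111-111111111111", "enabled": True, "type": "default"},
        {"key": "ClientSecret", "value": "PLACEHOLDER-client-secret", "enabled": True, "type": "default"},
        {"key": "RefreshToken", "value": "", "enabled": True, "type": "secret"},
        {"key": "BaseUrl", "value": "https://graph.microsoft.com/v1.0", "enabled": True, "type": "default"},
    ],
})


def find_exposed_credentials(environment_json: str) -> list[dict]:
    """Return the credential-like variables that still hold a value and would
    therefore be published together with the workspace."""
    env = json.loads(environment_json)
    findings = []
    for var in env.get("values", []):
        key = var.get("key", "")
        value = var.get("value") or ""
        if not CREDENTIAL_KEY.search(key):
            continue
        if value.strip() == "":
            continue  # empty variable: nothing leaks even if the environment is shared
        findings.append({
            "key": key,
            # Postman's "secret" type masks the value in the UI; it is assumed here
            # that masking alone does not make the environment safe to publish.
            "masked_in_ui": var.get("type") == "secret",
            "value_length": len(value),
        })
    return findings


def is_safe_to_share(environment_json: str) -> bool:
    """True only when no credential-like variable carries a value."""
    return not find_exposed_credentials(environment_json)


if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_ENVIRONMENT):
        print(f"populated credential variable: {finding['key']} (masked_in_ui={finding['masked_in_ui']})")
    print("safe to share" if is_safe_to_share(SAMPLE_ENVIRONMENT) else "NOT safe to share")
```

Run it against an exported environment before moving a fork to a public workspace; clearing the current values (or keeping them in a private, non-exported environment) makes the check pass.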
Top comments (1)
Do I know you not?