| ▲ | jeremyccrane 5 hours ago | |
In the user interface for Railway, all destructive actions require multiple confirmations, plus typing "apply destructive changes". Why would an API key (regardless of its scope) be able to delete without confirmation? | ||
| ▲ | lelanthran 4 hours ago | parent | next [-] | |
> Why would an API key (regardless of its scope) be able to delete without confirmation? What do you think an API is for? There's no user sitting at the keyboard when an API is called so where would that confirmation come from? It can't come from the user because there is no user. | ||
| ▲ | fetzu 5 hours ago | parent | prev | next [-] | |
Isn’t the point of an API to have two computers talk to each other? As in “if I want safeguards for humans, it would be my responsability to put them BEFORE calling that API”? | ||
| ▲ | lelanthran 5 hours ago | parent | prev | next [-] | |
> Why would an API key (regardless of its scope) be able to delete without confirmation? How do you see this working? Any confirmation would be given by the agent. | ||
| ▲ | jbxntuehineoh 4 hours ago | parent | prev [-] | |
... because that's how every other cloud provider API works? the AWS console makes you confirm before deleting a bucket; DeleteBucket does not | ||