Hacker News new | comments | show | ask | jobs | submit login

> At the same time, API credentials should by definition be single-use.

Could you spell this one out a little bit more? Do you mean only a single session should be able to use an API credential?

I mean the credential should only be relevant to the service, never shared across multiple services, because the API generates it for you.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact