Happy Business Starts Here

Highlighted
Scholar

Incorrect REST API credential prescience and incorrect error message wording

I was replaying some API requests from a few weeks ago, and oddly it appeared the api user/token headers were no longer being accepted.

 

It turns out a cookie (ZSession) had been set in my test tool (Postman) and it had expired. The valid API credential headers were ignored. This is a bug.

 

Additionally, the error message indicated that a valid login was needed - which was incorrect; it should have said something like "your cookie session is expired."