I have recently posted in the security forum about the data returned via the API in response to a query on a specific order at order data level. I will simply post the link here for that thread:
Without repeating all that is said in ^^^ here are the fields transmitted that cause me a great deal of concern and should, I feel, be configurable / only enabled as an "option" via an API configurator in admin area:
We forwarded this information to our software engineers for examination.
Ok - in the absence of any action / response - I have simply created a proxy to pull the data on the server and filter out what I don't want over the wire.