Breaking change: removal of API authentication method
Breaking change: removal of API authentication method to increase the security of our platform
By 29.04.2025 we will remove the option to authenticate at any sevDesk API endpoint by passing the API token as a URL request parameter. If you are not using this mechanism, you are not affected by this change.
Why are we doing this? Passing authentication tokens in URLs is considered a bad and insecure practice, as request information is stored in browser histories or server caches/logs. This makes unauthorised access to the application and the hijacking of authenticated legitimate user sessions easier.
All API users have to adjust their implementation so that it passes the token in the authorization header when calling sevDesk API endpoints. This approach already exists today.
You can find detailed documentation on how to use this approach here.
This change is not connected to any release and has to be completed by 29.04.2025. After that date we will disable and remove the feature.
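The following is an added example, not sevDesk code. It moves a token from the query string into the authorization header and redacts tokens that already reached an access log, reporting only a short fingerprint so the affected token can be rotated. The parameter name `token`, the bare-token header value, the host, the paths and the token value are assumptions or constructed sample data.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "token"  # assumption: name of the query parameter that carried the token
LEAK_RE = re.compile(r"([?&]" + re.escape(TOKEN_PARAM) + r"=)([^&\s\"]+)")

def move_token_to_header(url, headers=None):
    """Strip the token from the query string and send it as a header instead."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = {v for k, v in pairs if k == TOKEN_PARAM}
    if len(tokens) > 1:
        raise ValueError("URL carries conflicting token values")
    headers = dict(headers or {})
    has_auth = any(name.lower() == "authorization" for name in headers)
    if tokens and not has_auth:
        # assumption: the header value is the bare token; confirm in the API docs
        headers["Authorization"] = tokens.pop()
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    return urlunsplit(parts._replace(query=urlencode(kept))), headers

def fingerprint(token):
    """Short hash so a report can identify a leaked token without repeating it."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def redact_log_line(line):
    """Return (redacted line, fingerprints of the tokens that appeared in it)."""
    found = [fingerprint(m.group(2)) for m in LEAK_RE.finditer(line)]
    return LEAK_RE.sub(r"\g<1>[REDACTED]", line), found

# Constructed sample data: host, paths and token value are made up.
SAMPLE_URL = "https://api.example.invalid/api/v1/Invoice?limit=10&token=EXAMPLE0TOKEN0VALUE"
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2025:10:00:00 +0000] '
    '"GET /api/v1/Invoice?limit=10&token=EXAMPLE0TOKEN0VALUE HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Apr/2025:10:00:05 +0000] '
    '"GET /api/v1/Contact?limit=5 HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    print(move_token_to_header(SAMPLE_URL))
    for entry in SAMPLE_LOG:
        print(redact_log_line(entry))
```

A token that shows up in such a scan has already been written to disk, so redacting the log does not make it safe to keep using.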