https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523 --- Comment #98 from David Cook <dcook@prosentient.com.au> --- I actually just thought of another potential issue... Other than Koha's internal use of the API, I think most third-party API usage involves using 1 potentially high privileged user. I assume there will be times where that API user is making a call on behalf of an anonymous user or a low-privileged user, but since the API user is the "logged in" user, the anonymous/low-privileged user will get access to data that they shouldn't - unless the third-party API user does post-processing on their end (which is something we said we wanted to avoid on bug 29275). -- You are receiving this mail because: You are watching all bug changes.