(Alt: The Drake meme. Upper panel shows him hiding his face from “Securing Customer Data”. Lower panel shows him smirking at “Securing Public API Documentation”)

  • HakFoo@lemmy.sdf.orgOP
    link
    fedilink
    arrow-up
    36
    ·
    4 months ago

    No, this is a general practice-- I see it a lot with third-party vendors who want you to integrate with their services. They’ll expire the documentation portal password after 90 days, but the actual user facing service still accepts the same “password123” that’s been set since 2004.

    I suspect the pattern is to protect the vendors from developer scrutiny: by the time you’ve jumped through enough hoops to read the docs and realize it’s trash, the execs have signed the contracts and the sunk costs are too high to bail out.

    Also add another 6 months to actually get the credentials for the test environment.