I'm just looking through the eNom API and I've noticed that everything is done through HTTP GET calls to the enom site, including sending your reseller id and password. How is this secure? Couldn't anyone intercept your reseller id and password during one of those calls and login to your account?
I'm sure I must be missing something since so many people use this system so I'd love for someone to set me straight on this.
Right I am in the right thread this time (I think). ffeingol alerted me to the fact that enom now have a massive pdf file for the API documentation online. I am about to go dl it myself because I am going to do this damned domain name sale site I've been sitting on for the last six months
I did post a similar question a while back in the domain names forum. Some good person pointed out to me that for a secure connection to the API you use https:// and you POST the data rather than send it in the query string ala GET.
Having fiddled around with PDQ, register rocket, et al. working out what I wanted to do, it is my general observation that the way enom writes their scripts, you can send the data either using GET or POST methods - they both work.
Thanks Apollo, anyone have something already implemented?
Apollo, I just found 2 great domain names today through your deleteddomains.com site. What do you think about these names? They are obviously domain registration related:
Enom uses SSL , you have to do a post to their API or turn on SSL in the com object they have for download or implement your own SSL with openSSL. Anybody who is sending login or password should use SSL.
Thanks. The problem is with their documentation. The PDF API docs mentioned in the thread make no mention of access and the one document that does, the information on writing your own client that came with the same PHP application, states that you can only access the eNom interface via GET (and, of course, no mention is made of HTTPS or POST.)