This topic contains 1 reply, has 2 voices, and was last updated by rossja 1 month, 2 weeks ago.
- January 23, 2021 at 1:38 pm #354946
There is a govt contracted website providing public data that uses an API run by a contracted company and the requests are secured by a visible header token you can see by looking at the request in browser dev tools.
This API is promised by the state dept of revenue, but there’s no way to “sign up” for it.
Would consuming this API for another service by using the visible header token be considered “hacking” in a general legal sense in the US?
- January 23, 2021 at 1:38 pm #354947
Almost certainly, yes. They could argue that some one violated the CFAA by gaining access to content they were not explicitly given permission for, and they could argue that the DMCA was violated because basic auth uses encoding, which could be argued is a protection mechanism technically.
You must be logged in to reply to this topic.