#auth token
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Tumblr Inc. is funded by 13 investors.
Text
halloween boop event ?
#i wonder if you can automate booping w/ a script#edit: you can; getting an auth token is a bit involved though
0 notes
Text
unfortunate update i'm revoking the twitch connection from sewer rave for now.
noticed someone had decompiled the whole game and got access to the auth token.
at the time i thought "nobody's gonna play this, i don't need extra security for this"(never think like this)
i thought, I'll come up with a new solution to have this stored more securely and release an update, but for some strange reason, the unity hub doesn't let me open the project anymore, it just hangs, and gives a note about it not being connected to unity cloud.
so for now the twitch connection simply doesn't work. if i can eventually figure out a solution and even be able to launch the project again, i'll do that. i feel like shit it happened like this. i feel like shit that i had to remove a feature but tis the fate of online service
56 notes
·
View notes
Text
I made a script to allow me to automatically boop people :)
It doesn't refresh the auth token automatically, so I have to manually refresh that roughly every 30 minutes, but it allows me to get in several hundred boops before then. Let me know if you want to be booped repeatedly.
15 notes
·
View notes
Text
ok so twitter unfortunately is finally migrating to x.com.
fortunately they had the foresight to transfer the auth token completely fine all well and good, so you don't have to log back in. however, they forgot to also transfer the auth_multi token, meaning if you're logged into multiple accounts, only the one you're currently using gets transferred.
which would mean you would just have to log back into them right? except the fucking login widget isn't working. meaning you're locked into the account you were using last as the migration happened. which is fucking awesome. 10/10 job elon, you've done it again
12 notes
·
View notes
Text
finally managed to sit down long enough to get the backend working that I’m planning to share between multiple apps I’ve been really needing to make/update for myself, and i have nothing useful from it yet but it will make building future apps *so much* easier.
Only thing I still need to do for the backend before I start really using it is finishing setting up the auth server. Currently I just have a couple files on my website to trick the app into thinking there’s an OAuth authorization server hosted at my domain and then I’m manually issuing myself tokens that look like they came from it and so as far as the backend is concerned, it’s just normal OAuth.
My plan is to either sit down and do that soon or to develop the first app or two i really need without deploying any frontend code to the public internet and just have the frontend issue itself tokens until i can justify spending the time on it.
I guess it just depends which part I get motivated on first.
3 notes
·
View notes
Text
https://www.citebeur.com/fr/videos/detail/47620-mega-bite-pour-mini-trou?agegate=1&code=3433&auth-token=X24JyJsvG7pbduxV9IObs9WlO11
2 notes
·
View notes
Text
i gotta stress this guy's inability to understand the stuff he was working on was some real 'how dare you say we piss on the poor' level reading comprehension
reading another company's documentation, seeing "we will issue you a Client ID and a Client Secret for identification" in the first paragraph and nodding, content that he just has to pass those in and he's allowed to do whatever he wants, somehow missing that the next ten paragraphs are "and then you need to redirect users to us, identifying yourself with the Client ID and Client Secret, and we will ask the users whether they want to give you access to their data in our system. If they agree, we will call a webhook you provide, and with the access key that we pass to the webhook you can obtain a temporary auth token that allows you to access that single user's data, and..."
it's OAuth. it's literally OAuth. but somehow he read a straightforward description of one of the most commonly-used authentication protocols on the planet and went 'ah yes, we have a user name and password and those let us read anybody's data, I get it :)'. convincing him that this isn't what it said took over an hour. for the record he's been working on this for a week and I saw the documentation for the first time while we had this conversation
24 notes
·
View notes
Text
How to Protect Your Laravel App from JWT Attacks: A Complete Guide
Introduction: Understanding JWT Attacks in Laravel
JSON Web Tokens (JWT) have become a popular method for securely transmitting information between parties. However, like any other security feature, they are vulnerable to specific attacks if not properly implemented. Laravel, a powerful PHP framework, is widely used for building secure applications, but developers must ensure their JWT implementation is robust to avoid security breaches.
In this blog post, we will explore common JWT attacks in Laravel and how to protect your application from these vulnerabilities. We'll also demonstrate how you can use our Website Vulnerability Scanner to assess your application for potential vulnerabilities.
Common JWT Attacks in Laravel
JWT is widely used for authentication purposes, but several attacks can compromise its integrity. Some of the most common JWT attacks include:
JWT Signature Forgery: Attackers can forge JWT tokens by modifying the payload and signing them with weak or compromised secret keys.
JWT Token Brute-Force: Attackers can attempt to brute-force the secret key used to sign the JWT tokens.
JWT Token Replay: Attackers can capture and replay JWT tokens to gain unauthorized access to protected resources.
JWT Weak Algorithms: Using weak signing algorithms, such as HS256, can make it easier for attackers to manipulate the tokens.
Mitigating JWT Attacks in Laravel
1. Use Strong Signing Algorithms
Ensure that you use strong signing algorithms like RS256 or ES256 instead of weak algorithms like HS256. Laravel's jwt-auth package allows you to configure the algorithm used to sign JWT tokens.
Example:
// config/jwt.php 'algorithms' => [ 'RS256' => \Tymon\JWTAuth\Providers\JWT\Provider::class, ],
This configuration will ensure that the JWT is signed using the RSA algorithm, which is more secure than the default HS256 algorithm.
2. Implement Token Expiry and Refresh
A common issue with JWT tokens is that they often lack expiration. Ensure that your JWT tokens have an expiry time to reduce the impact of token theft.
Example:
// config/jwt.php 'ttl' => 3600, // Set token expiry time to 1 hour
In addition to setting expiry times, implement a refresh token mechanism to allow users to obtain a new JWT when their current token expires.
3. Validate Tokens Properly
Proper token validation is essential to ensure that JWT tokens are authentic and have not been tampered with. Use Laravel’s built-in functions to validate the JWT and ensure it is not expired.
Example:
use Tymon\JWTAuth\Facades\JWTAuth; public function authenticate(Request $request) { try { // Validate JWT token JWTAuth::parseToken()->authenticate(); } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) { return response()->json(['error' => 'Token is invalid or expired'], 401); } }
This code will catch any JWT exceptions and return an appropriate error message to the user if the token is invalid or expired.
4. Secure JWT Storage
Always store JWT tokens in secure locations, such as in HTTP-only cookies or secure local storage. This minimizes the risk of token theft via XSS attacks.
Example (using HTTP-only cookies):
// Setting JWT token in HTTP-only cookie $response->cookie('token', $token, $expirationTime, '/', null, true, true);
Testing Your JWT Security with Our Free Website Security Checker
Ensuring that your Laravel application is free from vulnerabilities requires ongoing testing. Our free Website Security Scanner helps identify common vulnerabilities, including JWT-related issues, in your website or application.
To check your site for JWT-related vulnerabilities, simply visit our tool and input your URL. The tool will scan for issues like weak algorithms, insecure token storage, and expired tokens.
Screenshot of the free tools webpage where you can access security assessment tools.
Example of a Vulnerability Assessment Report
Once the scan is completed, you will receive a detailed vulnerability assessment report to check Website Vulnerability. Here's an example of what the report might look like after checking for JWT security vulnerabilities.
An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.
By addressing these vulnerabilities, you can significantly reduce the risk of JWT-related attacks in your Laravel application.
Conclusion: Securing Your Laravel Application from JWT Attacks
Securing JWT tokens in your Laravel application is essential to protect user data and maintain the integrity of your authentication system. By following the steps outlined in this post, including using strong algorithms, implementing token expiry, and validating tokens properly, you can safeguard your app from common JWT attacks.
Additionally, make sure to regularly test your application for vulnerabilities using tools like our Website Security Checker. It’s a proactive approach that ensures your Laravel application remains secure against JWT attacks.
For more security tips and detailed guides, visit our Pentest Testing Corp.
2 notes
·
View notes
Text
the year is 2025. haiku girl (we transed her) is to be added to a discord server. she's not in the new 'apps' section of the Discover feature (though neither was pluralkit, added instead from instance in another server).
her website is up - add from there. discord.com w/ auth token. "opening Discord App"..........install official discord client (not vesktop). try again. "opening Discord App......." fuck this.
how to sign out (fuck the official client)...settings near deactivate/delete ? no. profile options, switch accounts, manage accounts, kebab menu, log out (only option).
3 notes
·
View notes
Text
not me having to finally learn git rebase because i accidentally uploaded an API auth token to the repo and i need that commit gone 😬😬😬 rebase of shame
2 notes
·
View notes
Text
Cloudflare hacked using auth tokens stolen in Okta attack
Source: https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/
More info: https://blog.cloudflare.com/thanksgiving-2023-security-incident
8 notes
·
View notes
Text
when i tried to auth the roadtrip api keys on my laptop, it just refreshed the page indefinitely. when i try it on my pc now that i’m home i get this
and it’s not like tumblr support really exists anymore so there’s no real way to get help with it. i’m wondering if my keys are in a weird state after being banned. i remember seeing the screen you’re supposed to see instead in the ~20 minutes before they got me
i... guess i could try making a new tumblr account from scratch, registering a new app, and hoping they don’t obliterate that one on sight?
it’s really frustrating because like, i have a picture in my head of how i think i want to put this whole system together, and i think i basically know how to do all of it, i just. can’t get the tumblr api to let me use oauth lmao. the keys work for all the key-level endpoints; i can get other people’s posts and shit. but i can’t get an oauth token for any of the stuff that requires it, like posting
#cohost also seems like it'll work but their api is VERY early#like you don't even get api keys you just start a login session with your email/pass lol#i was at least able to make a post with javascript though
3 notes
·
View notes
Text
finally, we're living in the 21st century. there's now a particularly nonintuitive way to reblog untagged posts from your archive on mobile. you have to:
go to the tumblr login page on your mobile browser and log in. you can only do this on the official login page, every other login button just throws aways your auth token and kicks you to this page, or worse, the google play store. logging in will open up a very neutered dashboard.
search your own blog name. no, there isn't a good way to navigate to your own blog in the dumbed-down dashboard. theoretically you could scroll until you find one of your own posts and tap your icon.
go to your blog's archive and use the tool to find your post. you can reblog from there.
functional website!
i think it's important to note that this is better than the previous solution, which was to just completely give up on finding an untagged post that's beyond scroll range. or worse, try to navigate desktop tumblr on your phone's browser in desktop mode. *shudders*
4 notes
·
View notes
Text
im like violently shoving the token into auth face and its like huhhhhhhh
0 notes
Text
https://www.facebook.com/photo/?fbid=1597274847777350&set=a.980013469503494 Invest in PAYN - Potential Token in 2025 right now https://aff2024.com/auth/register?ref=775989400
0 notes
Text
Top Ways to Send Form Data to Any REST API Instantly
In today's fast-paced digital landscape, businesses rely on real-time data to drive decisions, automate workflows, and stay competitive. One of the most common—and often overlooked—data entry points is the humble contact form. But what if you could instantly send that data to any REST API, CRM, or business tool without writing a single line of code?
In this guide, we'll break down the top ways to send form data to any REST API instantly, whether you're a marketer looking to sync leads with HubSpot, a developer integrating with a third-party service, or a startup founder automating lead routing.
Why Send Form Data to a REST API?
Forms are the gateway to lead capture, support tickets, user feedback, and countless other business operations. Traditionally, form submissions are emailed to inboxes or stored in local databases. But modern businesses need more than static email notifications—they need automation.
Benefits of Sending Form Data to an API:
✅ Instant lead routing to sales CRMs
✅ Real-time notifications in tools like Slack or Discord
✅ Dynamic updates to Google Sheets, Notion, or Airtable
✅ Task creation in platforms like Asana or Trello
✅ Workflow automation via Zapier, Make, or custom APIs
Now, let’s look at the top methods to make this happen.
1. Use a No-Code Tool Like ContactFormToAPI
If you want the fastest, most flexible way to connect a contact form to any REST API, tools like ContactFormToAPI are ideal.
How It Works:
Create an endpoint using the platform
Add a form or use your existing one (e.g., Contact Form 7, WPForms, Webflow)
Map form fields to the API request
Instantly POST data to any REST API with custom headers, tokens, or JSON payloads
Key Features:
No coding or backend setup required
Supports authentication, headers, and retries
Works with any form builder (WordPress, Framer, custom HTML, etc.)
Best For: Non-technical users, marketers, and teams needing fast setup.
2. Connect Your Form with Webhooks
Webhooks are the go-to option for real-time communication between your form and an API. Most modern form builders support webhooks.
How It Works:
Add a webhook URL to your form settings
When the form is submitted, the data is sent (usually via POST) to the API endpoint
Customize headers and payloads depending on the API spec
Supported By:
Contact Form 7 (with Flamingo or webhook add-ons)
Gravity Forms (via webhook add-on)
Typeform, Jotform, and others
Example Use Case:
Send new form submissions to a custom CRM endpoint or a third-party lead processing API.
Pros:
Native in many platforms
Flexible and fast
Secure (especially with token-based auth)
Cons:
Requires some technical knowledge to configure headers and payloads
Error handling and retry logic must be managed separately
3. Zapier or Make (Integromat) Integrations
Zapier and Make are automation platforms that bridge your form and any REST API using visual workflows.
How It Works:
Connect your form app as a trigger (e.g., Webflow form submitted)
Use HTTP modules in Zapier/Make to send the data to your desired REST API
Customize payloads, authentication, and error handling visually
Great For:
Teams already using Zapier for other automations
Integrating multiple services in a chain (e.g., form → CRM → Slack)
Pros:
Visual editor makes the setup easier
Supports delays, conditions, and filters
1000s of integrations built-in
Cons:
Monthly cost based on task volume
Latency (not always instant on free plans)
Less flexible than custom code or backend solutions
4. Use JavaScript Fetch/AJAX in the Front-End
If you're building your own form and want to send data instantly to an API, you can do it directly using JavaScript.
Sample Code:
js
CopyEdit
document.getElementById("myForm").addEventListener("submit", async function(e) {
e.preventDefault();
const formData = new FormData(this);
const data = Object.fromEntries(formData.entries());
const response = await fetch("https://api.example.com/leads", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_KEY"
},
body: JSON.stringify(data)
});
const result = await response.json();
console.log(result);
});
Pros:
Full control over how data is sent
Great for SPAs or static sites
Cons:
No fallback or retry logic
Exposes API keys unless properly protected
Not suitable for non-technical users
5. Build a Serverless Function or Backend Proxy
For more secure and robust form handling, use a serverless function (e.g., AWS Lambda, Vercel, Netlify Functions) or a backend API that proxies requests.
Flow:
Front-end form submits data to your serverless function
The function processes the data and calls the third-party REST API
You can log, sanitize, validate, and authenticate safely
Pros:
Secure: keeps tokens and logic server-side
Scalable and powerful
Supports retry and error handling
Cons:
Requires development time
Hosting knowledge needed
Use Case Example:
A startup that routes leads from multiple landing pages through a backend proxy to distribute them to various API endpoints based on rules.
6. Use Built-In API Integrations from Form Builders
Some advanced form builders include direct integrations with REST APIs or offer HTTP Request functionality.
Examples:
WPForms: With Webhooks or Zapier add-ons
Forminator (WPMU Dev): Built-in webhook support and API customization
Jotform: Can send submissions to any API endpoint via webhook
Best For: Users already using these platforms who don’t need additional tools
Final Thoughts
Sending form data to a REST API instantly doesn't have to be complicated. Whether you're a solo founder, growth marketer, or developer, there’s a method that fits your stack and your skill level.
If you're looking for the easiest and most flexible way to connect forms to any API, tools like ContactFormToAPI make it incredibly simple—no code, no backend, no hassle. With the right setup, your forms can become the starting point of fully automated, efficient business workflows.
0 notes