Hi AutoMQ team,
While performing API testing on the Playground
environment (playground.automq.cloud), I noticed
that the following endpoint returns 200 OK
regardless of authentication credentials:
GET /api/v1/instances
Tested scenarios:
- Valid credentials → 200 OK
- Invalid credentials (@@@@ + @@@@) → 200 OK
- No auth at all → 200 OK
Note: console.automq.cloud correctly returns
401 for unauthorized requests.
Could you confirm:
- Is the Playground API intentionally open
without authentication for demo purposes?
- Or is this a security oversight that should
be addressed?
This will help me accurately document my
findings in my QA testing report.
Thank you!
Meraj Alam
Hi AutoMQ team,
While performing API testing on the Playground
environment (playground.automq.cloud), I noticed
that the following endpoint returns 200 OK
regardless of authentication credentials:
GET /api/v1/instances
Tested scenarios:
Note: console.automq.cloud correctly returns
401 for unauthorized requests.
Could you confirm:
without authentication for demo purposes?
be addressed?
This will help me accurately document my
findings in my QA testing report.
Thank you!
Meraj Alam