JSON endpoint privacy

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

Author

Posts
May 28, 2018 at 3:56 pm #432478

Alex Howes
Expired Member

Post count: 175

Hello,

I’m concerned about the information available publicly in the JSON endpoints, for two reasons.

1) I charge users of my site to access some of this information (contact details), so I’m concerned that if they managed to find the endpoint, they’d have access to everyone’s for free.
2) Since the endpoints are public, I’m not sure how this would be acceptable under the new privacy policy regulations.

Thanks!
Alex

May 28, 2018 at 5:44 pm #432490

Stiofan O’Connor
Site Admin

Post count: 22956

Hi Alex,

What info are you worried about being revealed exactly?

Stiofan

May 28, 2018 at 6:11 pm #432496

Alex Howes
Expired Member

Post count: 175

Hi Stiofan,

I’m most concerned about the personal data that is entered into listings, like email addresses, telephone numbers, and names.

Alex

May 29, 2018 at 9:43 am #432555

Stiofan O’Connor
Site Admin

Post count: 22956

Most all of this is for the express purpose of displaying to the public (unless you have a special directory), we add a privacy policy helper text explaining this.

The user has a reasonable expectation that their info will be public as this is the purpose of the form, in most cases this is done for the legal reason of “legitimate business interests”.

Stiofan

May 29, 2018 at 7:44 pm #432635

Alex Howes
Expired Member

Post count: 175

Hi Stiofan,

I agree that making non-personal data public is expected, but as for names, telephone numbers, email addresses, and possibly addresses, I think these ought to be protected. A lot of sites assure their users that they will never display contact details publicly, or at least offer the option to keep them hidden.

Is there a way to hide the JSON endpoint pages? Or to protect them with a password, or something?

Alex

May 30, 2018 at 10:06 am #432744

Stiofan O’Connor
Site Admin

Post count: 22956

Hi Alex,

In most cases this won’t be a problem (though i don’t know your exact case) If a user is entering their info usually to advertise a business or service then they will need to post and display their contact details and this is expected behavior of the form.

In GDv1 the endpoints don’t show the custom fields unless you have the API plugin installed.

Maybe if i knew what kind of directory you are making i could advise better?

Stiofan

May 30, 2018 at 10:51 am #432758

Alex Howes
Expired Member

Post count: 175

Hi Stiofan,

My site is a job and review site. My CPTS are farms, jobs, and resumes, where farms and jobs are linked. Like most job sites, when someone applies to a job the application is sent via a form to avoid displaying the email address publicly on the site. Workers can list resumes on my site and employers can pay to see their contact details, which are sent to them in an email (and not displayed publicly).

Although I’ve hidden all contact details on my site, I’m concerned about them being public in the JSON endpoints, partly because of the paying for contact details side of things, and partly because most people don’t want their contact details displayed publicly.

Alex

May 31, 2018 at 12:21 pm #432928

Stiofan O’Connor
Site Admin

Post count: 22956

If you don’t have the GD api plugin active then they won’t be in any API end points.

Stiofan

May 31, 2018 at 2:43 pm #432944

Alex Howes
Expired Member

Post count: 175

Ah cool, thanks 🙂

I know this might sound like a stupid question, but how do I know if I’m using the API or not?

May 31, 2018 at 3:27 pm #432947

Stiofan O’Connor
Site Admin

Post count: 22956

You would have to have manually downloaded it and installed it. It would show as a widget “GeoDirectory Rest API”

Stiofan
Author

Posts

Viewing 10 posts - 1 through 10 (of 10 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

How to open a new support ticket

Support Policy

Support Forum Search