I'm trying to figure out if it's safe to make POST requests to my workplace's server, which hosts duty rosters. To access it, I first have to log in to get a bearer token. Once I have the token, I can request the roster info.
Here's what I've set up to avoid causing any issues:
- I introduce a random delay of 10 to 60 seconds between each request because I need to send 4-5 requests to get the roster.
- I save the roster in a variable on my server for 12 hours before fetching it again, rather than writing it to a file, to limit the load on their server.
The cached roster can be requested through my server using an API key to prevent unauthorized access. My server uses HTTPS, and I have my login info stored securely in a Docker environment variable, planning to utilize Docker secrets.
What's concerning is that this work server, while accessible from the public internet, is meant solely for employees. Can anyone tell me if this approach is safe or if I'm risking any legal troubles, especially under EU/German law?
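A sketch of the setup described in the question, added here as an example and not the poster's own code: credentials read from a Docker secret file with an environment-variable fallback, a constant-time API-key check, and an in-memory cache that refetches after 12 hours with a random 10 to 60 second pause between upstream requests. The names `load_secret`, `api_key_ok`, `RosterCache` and `fetch_steps`, and the upper-cased environment-variable fallback, are assumptions.

```python
import hmac
import os
import random
import time
from pathlib import Path


def load_secret(name, secrets_dir="/run/secrets"):
    """Prefer a Docker secret file; fall back to an environment variable.

    Assumption: the fallback variable is the secret name in upper case.
    """
    path = Path(secrets_dir) / name
    if path.is_file():
        return path.read_text().strip()
    return os.environ[name.upper()]


def api_key_ok(presented, expected):
    """Constant-time comparison so response timing does not leak the key."""
    return hmac.compare_digest(presented.encode(), expected.encode())


class RosterCache:
    """Keeps the roster in memory and refetches only after the TTL expires."""

    def __init__(self, fetch_steps, ttl=12 * 3600, delay=(10, 60),
                 clock=time.monotonic, sleep=time.sleep):
        self.fetch_steps = fetch_steps  # hypothetical: one callable per upstream request
        self.ttl, self.delay = ttl, delay
        self.clock, self.sleep = clock, sleep  # injectable so tests need not wait
        self.roster, self.fetched_at = None, None

    def _refresh(self):
        parts = []
        for i, step in enumerate(self.fetch_steps):
            if i:  # random pause between requests, none before the first
                self.sleep(random.uniform(*self.delay))
            parts.append(step())
        self.roster, self.fetched_at = parts, self.clock()

    def get(self, presented_key, expected_key):
        if not api_key_ok(presented_key, expected_key):
            raise PermissionError("invalid API key")
        if self.fetched_at is None or self.clock() - self.fetched_at >= self.ttl:
            self._refresh()
        return self.roster
```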