I'm trying to make a POST request to my work's server, which provides duty rosters, but I'm not sure if it's safe or if I might face any repercussions. To access the server, I need to log in first to obtain a bearer token, which I then use to fetch the roster. I'm trying to be careful to avoid putting any unnecessary load on their server, so I've built in a random delay of 10 to 60 seconds between each request since I need about 4-5 requests to gather the information. The fetched roster is stored temporarily for 12 hours in a variable on my server before it needs to be updated again.
The cached roster can be accessed via an API key to prevent unauthorized users from retrieving it, and my server is secured behind Caddy with HTTPS. I've also stored my login credentials securely using Docker environment variables and plan to implement Docker secrets. I know that when accessing the server through a browser, similar HTTP requests are made in the background while inspecting the network.
However, I'm concerned about the legality and safety of this setup, especially given the data protection laws in the EU/Germany. Can anyone provide insight into whether this approach is safe or if there are potential legal issues I should be worried about?
1 Answer
From a technical standpoint, your setup seems as safe as it can be. Just make sure you're not violating any access agreements with your company's server. It might also be good to check if there are any internal policies regarding data handling and access to ensure you're in the clear on that front.
They don't have any official terms of service since it's an internal server, but it is accessible from the public internet as long as you log in.