API security.
You can't obviously access all devices of a random server. The reason it works for you is probably because you are already logged in.
I made an API token using SQL. Is there a better way to generate it?
I logged out, then sent a request with the API key and got the devices, now I don't supply the API key and I get the devices.
If you get devices, it means you are logged in.
You can set token using API or web app.
Ok, I logged out.
Is traccar API secure?
It sends me back information about devices on my system when I don't supply an API key. There's no step in the software to configure an API key by default it sends data. If I find a server online that has port 8082 open, can I have all the devices?