Hello there,
after developing a long time a new cashback toolbar, I got this message from a reviewer:
- We don't allow add-ons to use remote APIs because they can create serious security vulnerabilities. Please insert those APIs locally from your add-on code.
Before developing I explored the code of other cashback companies. There are two several ways to do a cashback toolbar:
- Login from toolbar via REST API, get access token. Then on every page request check if current visited url is a cashback shop
- Periodically get complete cashback shop list via REST API Url and then check current visited url with downloaded shop list (local db)
I used the first way. But I am confused to get that reviewer feedback. How to solve it?
How to get remote data and login from toolbar settings window? I think its not possible without remote api. Why are other cashback addons are granted?
Or can it be that the reviewer is new?
If here is any another reviewer, Toolbar Name is CASHCOW, got this message two hours before…
Best regards,
Sven