diff --git a/quovadis/quovadis.php b/quovadis/quovadis.php index ecfe215c69843fd6919a216fe79faea4cfa52dee..34124e5839d704613489aa1999ceb57ba619693e 100644 --- a/quovadis/quovadis.php +++ b/quovadis/quovadis.php @@ -210,8 +210,10 @@ $leaf->post('/register', function () use($leaf) { // Email API key email_api_key($username, $api_key); - - $leaf->response->json(["message" => "API key ".$api_key. " for " .$username." has been added and email sent"],200); + + // Don't echo API key back as sending it by email to the UCC member stops + // folks hitting the API and being able to cause havoc + $leaf->response->json(["message" => "API key for " .$username." has been added and email sent"],200); }); $leaf->post('/update-api-key', function () use($leaf) {