Board Thread:The Quarters - Q & A/@comment-178.201.250.152-20140328120145/@comment-24459124-20140329001652

LadyAlys: One thing comes to mind regarding the usability--the ability to feed the UUID (and potentially the API Token) into the page without the need to copy and paste it in each time you hit the page. Simplicity + bookmarkability suggests GET parameters, i.e.

https://oldgods.net/habitrpg/habitrpg_user_data_display.html?uuid= &token=

The only issue I can see with that is perhaps anyone who can see the web server logs may be able to see the GET url, and thereby gain access to any user's backend API.

Another option could be javascript localStorage, but I have never dealt with that at all.