purposes. All public accesses should always use the /cxs/context.json endpoint for consistency and security. 3.1.4. HOW TO UPDATE A PROFILE FROM THE PUBLIC INTERNET Before we get into how to update a profile The problem with this, is that any attacker could simply directly call step 3 without any kind of security. Instead the flow should look something like this: 1. Login to a social platform 2. Call back used, but it really should never be done like this in production because of the aforementioned security issues. The second method, although a little more involved, is much preferred. When sending a login

30 2.5.7. REST API Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 2.5.8. Scripting security . . . . . . . . . . . . . . . 39 Apache Unomi 1.x - Documentation - 1 2.5.16. ElasticSearch authentication and security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 2.6. Useful purposes. All public accesses should always use the /context.json endpoint for consistency and security. 2.2.3. HOW TO UPDATE A PROFILE FROM THE PUBLIC INTERNET Before we get into how to update a profile

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 2.6.4. REST API Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Unomi plugins or via the provided REST APIs. However, access to REST APIs is restricted due for security reasons, requiring privileged access to the Unomi server, making things a little more complex to minutes. At the end, you should have about 4 million entries in the geonames index. 2.6.4. REST API SECURITY The Context Server REST API is protected using JAAS authentication and using Basic or Digest HTTP