I switched from OH2 to OH3 this week.Long time ago I wrote some small nodejs apps that interact with the REST API which help me to maintain my items and things. I was prepared that they would not work anymore as I would have to implement support for authentication.
When I tested my apps today (without any code changes in my nodejs apps) I was puzzled that some REST API methods still work while others throw errors because of authentication problems (as expected).
It seems that for example GET/things is not protected by authentication, even without sending auth data the OH server returns all things. This can also be reproduced by a simple browser call:
Other methods like GET/links however seem to be protected, they work when passing auth parameters but not with a simple browser call:
I am on OH3 Snapshot 2028 and the REST API is called from another computer in the local network.
Is this expected behaviour?