The API token you provided should have the option to disable/enable it. I also noticed that the token doesn’t get deactivated (deleted) even after deleting the token, which means the token still works even after deleting it. This is obviously a security issue, as the token is a very crucial thing: the access token can be used to place the order.
So my humble request is to add the option to deactivate and activate the token as well.
Bumping this up @PravinJ @Hardik
A deleted token should not be able to perform actions. This is a security flaw.
This seems like an old issue which was not validated. We tried replicating the scenario even now after you bumped this up but couldn’t find the flaw as stated here.
Let us know if you were able to replicate this issue at your end.
We consider product security as one of the key aspects for product testing. Rest assured, all our APIs are thoroughly tested and secure.