That being said, are you planning the ability for us to restrict what data is being sent, via hook permissions or event payload modifications? We have no controls to limit or work around it at this moment. In this current form we all would most certainly be violating all our own privacy policies by blindly sending payloads to Zapier and the like. We need to be able to see real data being sent, not just an outline of data - it took me aback when I started seeing such data outside of my walled garden. If you currently are sending payloads from this site from topics / posts, it would include many data points from each member that are traditionally for Admin eyes only. Does this pose implications with GDPR and other such laws or regulations?
I know that third-party processors have their own policies and retention of data. But it reminds me of the phrase "your secret is safe with me, as long as the person I tell - doesn't tell." My only wish is to protect the reputation of this platform and our collective communities and thwart any potential fallout if a data breach occurred. Yes, APIs are fun and magical but should be architected with a pessimistic opinion about security and privacy - first and foremost.
I yield the soapbox. 😉
Privacy is of course very important to us, so we'll always be mindful of the data that is sent. APIs by their very nature are designed to move data between sources, and it is something that you have to enable, so it's up to the administrator to weigh up the benefits against privacy concerns and to update any privacy policy attached to the website.
It is fascinating and very encouraging where it's going – however there is much to be concerned about in sending data to a third party. All the web hooks run without a 'group' permission. Depending on the event, its payload may include private information (names, emails, IP, address, etc.).
I would really like to see more care in restricting what is included in the payload of each event.