Postavio sam jedno polu teorijsko, polu praktično pitanje na SitePoint, ali ništa od odgovora. Uglavnom:
Citat:
I'm about to start working on API implementation for project management tool that I'm developing (see sig) and I have one question about API authentication.
I really like how Yahoo! does RESTful web services. Send request, get HTTP error or XML (JSON, YAML...) reply. But there is one thing that I don't really understand. Its token based authentication.
Process is pretty simple. In order to receive API key needed for authentication you need to go to website, login, set access permissions (read, read/write, levels) and when you hit submit you get redirected back to website that needs API key with generated API key. Than, and here is the part I don't understand, you need to request token. Later you use API key and token to use the service.
More details: http://upcoming.org/services/api/token_auth.php
What is the point of token? Both API key and token expire with time. Its much harder to guess two hashes than one, but still, if you have one you can retrieve other.
Any ideas. I have some, but still...
|
Izvinjavam se na lošem engleskom.