[openspending-dev] api key

Alberto Rodriguez Peon alberto.rodriguez.peon at cern.ch
Mon Aug 19 07:19:51 UTC 2013

Hi Tryggvi,

Sorry, my question was a bit unclear.

I assumed that using the API key to authenticate the user is the right way. The problem is that exposing the API key as a request parameter can be very dangerous (it can be intercepted).

Maybe an option to avoid this is having two keys, a public key that can be exposed and a private key that is used only for signing each request. For example: http://developers.issuu.com/api/signingrequests.html

How Openspending is using this key in other parts of the API?

From: Tryggvi Björgvinsson [tryggvi.bjorgvinsson at okfn.org]
Sent: 17 August 2013 19:03
To: Alberto Rodriguez Peon
Cc: openspending-dev at lists.okfn.org
Subject: Re: [openspending-dev] solr problem during installation and more

On mán 12.ágú 2013 11:26, Alberto Rodriguez Peon wrote:

However, the creator of the dataset has to be declared somewhere. How it will be the correct way to authenticate the REST request for the user who is creating the dataset? (signing the request with the API key, maybe?)

Hi Alberto,

Sorry for the late reply. The correct way to authenticate the request would be via the API key yes. Each account is connected to a single API key so you can use that to declare the creator of the dataset.


Tryggvi Björgvinsson

Technical Lead, OpenSpending

The Open Knowledge Foundation<http://okfn.org>

Empowering through Open Knowledge

http://okfn.org/ | @okfn<http://twitter.com/OKFN> | OKF on Facebook<https://facebook.com/OKFNetwork> | Blog<http://blog.okfn.org/> | Newsletter<http://okfn.org/about/newsletter>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/openspending-dev/attachments/20130819/eadc3f4f/attachment.html>

More information about the openspending-dev mailing list