[openspending-dev] api key
Alberto Rodriguez Peon
alberto.rodriguez.peon at cern.ch
Mon Aug 19 07:19:51 UTC 2013
Hi Tryggvi,
Sorry, my question was a bit unclear.
I assumed that using the API key to authenticate the user is the right way. The problem is that exposing the API key as a request parameter can be very dangerous (it can be intercepted).
Maybe an option to avoid this is having two keys, a public key that can be exposed and a private key that is used only for signing each request. For example: http://developers.issuu.com/api/signingrequests.html
How Openspending is using this key in other parts of the API?
Cheers,
Alberto
________________________________
From: Tryggvi Björgvinsson [tryggvi.bjorgvinsson at okfn.org]
Sent: 17 August 2013 19:03
To: Alberto Rodriguez Peon
Cc: openspending-dev at lists.okfn.org
Subject: Re: [openspending-dev] solr problem during installation and more
On mán 12.ágú 2013 11:26, Alberto Rodriguez Peon wrote:
However, the creator of the dataset has to be declared somewhere. How it will be the correct way to authenticate the REST request for the user who is creating the dataset? (signing the request with the API key, maybe?)
Hi Alberto,
Sorry for the late reply. The correct way to authenticate the request would be via the API key yes. Each account is connected to a single API key so you can use that to declare the creator of the dataset.
--
Tryggvi Björgvinsson
Technical Lead, OpenSpending
The Open Knowledge Foundation<http://okfn.org>
Empowering through Open Knowledge
http://okfn.org/ | @okfn<http://twitter.com/OKFN> | OKF on Facebook<https://facebook.com/OKFNetwork> | Blog<http://blog.okfn.org/> | Newsletter<http://okfn.org/about/newsletter>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/openspending-dev/attachments/20130819/eadc3f4f/attachment.html>
More information about the openspending-dev
mailing list