API authentication #275
Reference: Plume/Plume#275
Currently the API doesn't require authentication. It is not a real problem yet, as the two routes we implemented are read-only, but for routes that will add/change user content, requests should be authenticated.
Here is how I see it (tell me if you think something is wrong with this design, I'm not used to REST APIs):
Authorization header for authenticated API requests
Plume version (and/or commit): 0.2.0
APIs usually use OAuth authentication. I don't know if there are any crates for it (I saw lots of client-side, but not that many server-side implementations on crates.io), but I think the best way is probably to use that, as it's standard.