Page 1 of 1
API authentication with cookies
Published: May 22, 2018 - 1:36 PM
by mayasd
Hello,
is it possible to authenticate to the API using a cookie or token? If not, is this planned for a future version?
Re: API authentication with cookies
Published: May 23, 2018 - 10:58
by dcardon
Hello Mayasd,
mayasd wrote: ↑May 22, 2018 - 1:36 PM
Is it possible to authenticate to the API with a cookie or token? If not, is this planned for a future version?
The various actions initiated by the console are authenticated with a session. You must authenticate once, then you can use a token. That said, these are not persistent sessions, nor are they API tokens. There is no roadmap for that.
Regarding your WAPT web interface project, do you intend to create an interface solely for viewing or for more advanced features such as package editing, etc.? WAPT security is based on signatures and private keys, and the private key should not be hosted on a web server, as this compromises the security model.
Sincerely,
Denis
Re: API authentication with cookies
Published: May 28, 2018 - 1:49 PM
by mayasd
The various actions initiated by the console are authenticated with a session. You must authenticate once, then you can use a token. That said, these are not persistent sessions, nor are they API tokens. There is no roadmap for that.
Thank you, it does indeed work.
Regarding your WAPT web interface project, do you intend to create an interface solely for viewing or for more advanced features such as package editing, etc.? WAPT security is based on signatures and private keys, and the private key should not be hosted on a web server, as this compromises the security model.
Sincerely,
Denis
For the moment there is nothing in the immediate future regarding the creation or editing of packages and if that were to happen, we take careful note of how you have implemented security.