
Add authentication to the XTools API
Open, Needs Triage, Public

Description

This would allow us to provide the same increased limits that we provide for logged-in users of the client application. See T182182 for example.

Implementation details to be determined, but we might explore Symfony's AuthenticatorInterface.

Ideally it would work where clients only need to provide their own unique API key. One simple way of doing this is to provide a new web endpoint such as xtools.wmcloud.org/api/auth that will require you to log in with OAuth. Once logged in, it will give you your API key that is unique for that user. Store it in the Trove db, and check against that on each request (and maybe cache active API keys for performance, or something).

Unauthenticated use of the API should still be allowed, but subject to the same limitations it has currently.
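
The key flow described above (issue a per-user key after OAuth login, check it on each request, keep keyless requests on the current limits), as an added example that is not XTools code and not part of the task. The in-memory `ApiKeyStore`, the `X-Api-Key` header name, the limit values, keeping only a SHA-256 digest of each key, and answering an unknown key with 401 are all assumptions made here.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for the key table; the task proposes the Trove db.
final class ApiKeyStore
{
    /** @var array<string,string> SHA-256 digest of key => username */
    private array $byDigest = [];

    // Called only after the user has logged in with OAuth (login itself not shown).
    public function issue(string $username): string
    {
        // One key per user: drop any earlier key before issuing a new one.
        $this->byDigest = array_filter($this->byDigest, fn (string $u): bool => $u !== $username);
        $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->byDigest[hash('sha256', $key)] = $username;
        return $key; // shown to the user once; only the digest is kept
    }

    // Looking up by digest means the stored value never reveals a usable key.
    public function lookup(string $key): ?string
    {
        return $this->byDigest[hash('sha256', $key)] ?? null;
    }
}

// Constructed limits for illustration; the task gives no numbers.
const ANON_LIMIT = 10;
const AUTHED_LIMIT = 100;

/** Decide how to treat a request from its (hypothetical) X-Api-Key header value. */
function resolveRequest(ApiKeyStore $store, ?string $presentedKey): array
{
    if ($presentedKey === null || $presentedKey === '') {
        // No key: unauthenticated use stays allowed under the current limits.
        return ['status' => 200, 'user' => null, 'limit' => ANON_LIMIT];
    }
    $user = $store->lookup($presentedKey);
    if ($user === null) {
        // A key was sent but is unknown: reject rather than silently downgrade.
        return ['status' => 401, 'user' => null, 'limit' => 0];
    }
    return ['status' => 200, 'user' => $user, 'limit' => AUTHED_LIMIT];
}

$store = new ApiKeyStore();
$key = $store->issue('ExampleUser'); // constructed username
var_dump(resolveRequest($store, $key), resolveRequest($store, null), resolveRequest($store, 'bogus'));
```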