[asterisk-app-dev] Removal of api_key
David M. Lee
dlee at digium.com
Thu Oct 17 09:05:57 CDT 2013
On Oct 17, 2013, at 12:22 AM, Paul Belanger <paul.belanger at polybeacon.com> wrote:
> Now, the reason for having it was because this was the default way
> swagger passed credentials via HTTP. I'm not sure why they didn't
> simply add http://username:password@example.org support, but that is a
> different issue (in fact I plan to open a bug upstream).
There have been a few cases where an HTTP or WebSocket client library
didn't support HTTP Basic auth. Putting the HTTP Basic auth header in
there is not hard, but adding an ?api_key param is dead simple.
> In fact, I strongly think we should be hosting our own content, simply
> because we can control it and it is the friendly thing to do. Pushing
> all our users to [3] doesn't appear to be too friendly, plus just
> imagine all the asterisk themeing that could be done to it.
Agreed. http://ari.asterisk.org is now live (also
https://ari.asterisk.org, if you enable TLS in http.conf)
The code posted there is from my fork on GitHub[1]
> Don't get me wrong, I would be infavor of implementing some sort of
> OAuth key over the ARI, but I don' think that is in the cards at this
> point in time. And again, I think api_key is just implemented to work
> around the fact that [3] does pass basic-auth.
I don't see why adding OAuth would be any less redundant than
?api_key.
--
David M. Lee
Digium, Inc. | Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-app-dev
mailing list