Which authentication to use?

Marty Vance

Oct 5, 2017, 3:07:49 PM
to Bitly API
I'm working on an intranet web application for a professional office.  The feature I'm currently implementing is to send SMS messages (containing links) to selected clients throughout each day.  This application can access the internet, but there is no access to it outside the local office network.

The application needs to create links, fetch link traffic stats, fetch new auth tokens for itself when needed, and monitor the bitly account status... with no user involvement. At least part of this will be running as a cron.

I have a Bitly account, registered an app, got client ID and secret... but none of the authentication methods are suitable. I put a redirect URI on the app registration, but once I realized the "normal" process sent me to a bitly form, that was out. The only purpose the redirect URI would serve me is scraping the added parameters from it.

The other automated methods all use the bitly account username and password in some form, yet the documentation states applications are never to cache those locally.  Does that only apply to their raw form, or is the base64encode(login:password) form acceptable to cache?

Which grant type am I supposed to use for fully automated API access?  APIKEY access would work, but it's deprecated and to me it's not obvious what the suitable OAuth2 replacement is.

Peter Herndon

Oct 25, 2017, 1:23:02 PM
to Bitly API
Hi Marty,

Unless your app will be built to allow users to use their own individual Bitly accounts, you don't need to worry about all that. Instead, generate a generic OAuth access token, store that as configuration in your application, and use that for all your API calls. Any Bitlinks generated will show up under that account.

Regards,

---Peter

Peter Herndon
Sr. Backend Engineer
@Bitly
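
An added example, not part of the thread and not Bitly's own code: one way to keep the generic access token from the reply above as configuration for an unattended cron job, refusing a token file other local accounts can read and masking the token before a request URL is logged. It assumes the Bitly v3 `/v3/shorten` endpoint with the token passed as the `access_token` query parameter; the function names and the token file location are hypothetical.

```python
import os
import stat
import urllib.parse

# Assumption: Bitly v3 shorten endpoint, token sent as a query parameter.
BITLY_SHORTEN = "https://api-ssl.bitly.com/v3/shorten"


class TokenConfigError(Exception):
    """The token file exists but is unusable or too widely accessible."""


def load_token(path):
    """Read the access token from a regular file only its owner can access."""
    st = os.stat(path)  # raises FileNotFoundError if the file is missing
    if not stat.S_ISREG(st.st_mode):
        raise TokenConfigError(f"{path} is not a regular file")
    # Any group/other bit means another local account could reach the token.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        raise TokenConfigError(f"{path} has mode {mode:04o}, expected 0600")
    with open(path, encoding="ascii") as fh:
        token = fh.read().strip()
    if not token:
        raise TokenConfigError(f"{path} is empty")
    return token


def shorten_request_url(token, long_url):
    """Build the URL for one shorten call (hypothetical helper name)."""
    query = urllib.parse.urlencode({"access_token": token, "longUrl": long_url})
    return f"{BITLY_SHORTEN}?{query}"


def redact(url):
    """Mask the token so the URL can appear in cron mail and log files."""
    parts = urllib.parse.urlsplit(url)
    pairs = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == "access_token" else v) for k, v in pairs]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))
```

Create the token file with `chmod 600` under the account that runs the cron job, and keep it out of version control.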