Recommended method for getting API key for a user

684 views
Skip to first unread message

Roarster

unread,
May 24, 2012, 3:55:10 PM5/24/12
to django-...@googlegroups.com
Hi,

I'm developing a Django website with a companion mobile app (Android/iOS) and I've started using Tastypie with APIKeyAuthentication for the API.  One thing I'm not sure about is the best method for a user of the mobile app with an existing account to authenticate with the site and get their API key onto their mobile device.  The best way I can think of doing this is to create an AuthenticateUser endpoint which accepts a username and password combination and returns the API key if these are valid and an error code otherwise (401 I would assume).  To me this seems straightforward enough but I haven't been able to find any examples of anyone taking this approach which makes me wonder if I'm maybe doing something stupid.  Does anyone have any opinions on my approach or can even recommend an alternative that would be better.

Thanks.

Mike Urbanski

unread,
May 24, 2012, 6:26:17 PM5/24/12
to django-...@googlegroups.com
One of my posts from a few weeks ago applies.  


Why not use BASIC AUTH+SSL?


~Mike

Roarster

unread,
May 24, 2012, 7:08:40 PM5/24/12
to django-...@googlegroups.com
Thanks for replying Mike.

Would the login method you mention be part of the Tastypie API or do you think this should be something separate on the site?  If it was part of the API I would assume it would be a GET call which would then (I think) expose the username and password in the query string.  If it was separate from the API then I guess I could post to a form and return the API key as part of the response which to me seems a bit more secure.
Reply all
Reply to author
Forward
0 new messages