You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django-...@googlegroups.com
Hi,
I'm developing a Django website with a companion mobile app (Android/iOS) and I've started using Tastypie with APIKeyAuthentication for the API. One thing I'm not sure about is the best method for a user of the mobile app with an existing account to authenticate with the site and get their API key onto their mobile device. The best way I can think of doing this is to create an AuthenticateUser endpoint which accepts a username and password combination and returns the API key if these are valid and an error code otherwise (401 I would assume). To me this seems straightforward enough but I haven't been able to find any examples of anyone taking this approach which makes me wonder if I'm maybe doing something stupid. Does anyone have any opinions on my approach or can even recommend an alternative that would be better.
Thanks.
Mike Urbanski
unread,
May 24, 2012, 6:26:17 PM5/24/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django-...@googlegroups.com
Thanks for replying Mike.
Would the login method you mention be part of the Tastypie API or do you think this should be something separate on the site? If it was part of the API I would assume it would be a GET call which would then (I think) expose the username and password in the query string. If it was separate from the API then I guess I could post to a form and return the API key as part of the response which to me seems a bit more secure.