Re: [Less Accounting API] Authentication

Steven Bristol

Jun 28, 2012, 8:02:59 AM
to less-acco...@googlegroups.com
On Thu, Jun 28, 2012 at 1:40 AM, Wade <wa...@zapier.com> wrote:
> Quick question:
>
> It looks like to authenticate users I need to have them give us their
> username and password in addition to their API key. Is that correct?
>
> I'd rather not store usernames and passwords in our DB.
>
> Wade



Two things to know:

1. Users do not need an api key. Your app needs one api key and you
should send the same key for each request.

2. Users should not give you their password. Instead you should create
an account in LA and users should add your user as a trusted member of
their business.

cheers,
steven bristol

Wade

Jun 28, 2012, 3:23:47 PM
to less-acco...@googlegroups.com
Cool. So I'm going about the API docs trying to find out how a LA user would add us as a user to their account and can't seem to find any information about it. Am I just missing it?

Is there a particular reason that OAuth or a true implementation of Basic Auth isn't used? We've seen a lot better success from apps that follow one of those routes for integrating into Zapier.

Wade

Steven Bristol

Jun 28, 2012, 3:30:32 PM
to less-acco...@googlegroups.com
On Thu, Jun 28, 2012 at 3:23 PM, Wade <wa...@zapier.com> wrote:
> Cool. So I'm going about the API docs trying to find out how a LA user would
> add us as a user to their account and can't seem to find any information
> about it. Am I just missing it?

There's nothing in the api docs about it. I'm planning on adding it.

>
> Is there a particular reason that OAuth or a true implementation of Basic
> Auth isn't used? We've seen a lot better success from apps that follow one
> of those routes for integrating into Zapier.

We did the api many years ago. We have plans to make a new version of
the api (in addition to the current version) that will be "proper."


cheers,
steven bristol

Wade Foster

Jun 28, 2012, 3:32:22 PM
to less-acco...@googlegroups.com
Awesome! Let me know if you'd like some help with the new API. We've worked with 50-60+ APIs now so we tend to know what works well and what doesn't. Happy to be a sounding board.

Wade


--
You received this message because you are subscribed to the Google Groups "Less Accounting API" group.
To post to this group, send email to less-acco...@googlegroups.com.
To unsubscribe from this group, send email to less-accounting...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/less-accounting-api?hl=en.




--
Wade Foster
Co-founder - Zapier.com

Wade

Jun 30, 2012, 3:02:10 AM
to less-acco...@googlegroups.com
So poking around this more. So the intended way for someone to add us as a trusted user is through this feature right? An LA user would need to send us an email and then we'd have to manually accept their invite? 


Steven Bristol

Jul 2, 2012, 9:17:05 AM
to less-acco...@googlegroups.com
On Sat, Jun 30, 2012 at 3:02 AM, Wade <wa...@zapier.com> wrote:
> So poking around this more. So the intended way for someone to add us as a trusted user is through this feature right? An LA user would need to send us an email and then we'd have to manually accept their invite?



That's correct. That's how they should invite you. But there is no need to accept the invite. Once invited, your user is immediately added to the business and you have immediate access to their data. You'll still need to know their subdomain. If you'd like, your app can check the email address and automatically start working once the email arrives. Or you can have the user click a button.

In the next version of the api I'd like to do callbacks. I assume you'd like that?

cheers,
steve

Wade Foster

Jul 2, 2012, 12:39:21 PM
to less-acco...@googlegroups.com
Ok that makes sense.

I would say the best thing for the future is to follow straight OAuth2 spec. GitHub does a very nice job at this if you are looking for an example.

If you want to stick with a Basic Auth version I would look at Stripe as an example. Chargify and Recurly are also pretty straightforward in this regard.

Wade
