Hi people,

I'm thinking about the use of API tokens and have some questions that I'd
like to discuss with you to drive the next features related to the
API:

- How many "features" will the user access with her token? For
  example: is she able to change her password with the token?
- How many tokens (and which) should a user have? For example: one for
  read-only access, another for read-write, or tokens on a per-corpus
  basis, etc.

We can be inspired by the way Facebook does it:
https://developers.facebook.com/docs/facebook-login/access-tokens/
You can even select which information that API token will have access to:
https://developers.facebook.com/tools/explorer
(click on "Get Access Token")

What I propose:

- One "root" token that has unlimited access to the entire account
  (can create corpora, upload documents, read documents' properties,
  change user account data and manipulate API tokens);
- The user will be able to create customized tokens:
  * Read-only token for accessing specific corpora;
  * Read-write token for accessing specific corpora.

With these features we could have, for example, a research group
owning only one account and delegating access to the members, or even
sharing a public token with read-only access to a specific research
corpus.

[]s
Álvaro Justen "Turicas"
http://turicas.info/ http://twitter.com/turicas
http://CursoDeArduino.com.br/ http://github.com/turicas
+55 21 9 9898-0141
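
One way the token model proposed in the message above could be checked on the server side, as an added example that is not part of the original message or of the project's code. The class name, action strings and corpus names are assumptions made for illustration, and a root token is assumed to cover every corpus in its account.

```python
# Added illustration: TokenStore, the action strings and corpus names are hypothetical.
import hashlib
import secrets
from dataclasses import dataclass, field

ACCOUNT_ACTIONS = {"create_corpus", "change_account", "manage_tokens"}  # root only
CORPUS_ACTIONS = {"read_document": "read", "upload_document": "write"}
LEVELS = {"read": 1, "write": 2}  # a read-write grant implies read


@dataclass
class Token:
    owner: str
    root: bool = False
    grants: dict = field(default_factory=dict)  # corpus name -> "read" | "write"


def _digest(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


class TokenStore:
    def __init__(self):
        self._by_digest = {}  # only digests are kept, never the secrets themselves

    def issue(self, owner, root=False, grants=None):
        grants = dict(grants or {})
        for level in grants.values():
            if level not in LEVELS:
                raise ValueError(f"unknown access level: {level}")
        secret = secrets.token_urlsafe(32)
        self._by_digest[_digest(secret)] = Token(owner, root, grants)
        return secret  # shown to the user once, at creation time

    def revoke(self, secret):
        self._by_digest.pop(_digest(secret), None)

    def authorize(self, secret, action, corpus=None):
        token = self._by_digest.get(_digest(secret))
        if token is None:
            return False  # unknown or revoked token
        if token.root:
            return action in ACCOUNT_ACTIONS or action in CORPUS_ACTIONS
        needed = CORPUS_ACTIONS.get(action)
        if needed is None or corpus is None:
            return False  # account-level or unknown action: denied by default
        granted = token.grants.get(corpus)
        return granted is not None and LEVELS[granted] >= LEVELS[needed]
```

A customized token can never reach account-level actions such as changing the password or managing tokens, so a publicly shared read-only token exposes only the corpora named in its grants and can be revoked without touching the root token.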