Discussion about API tokens
6 views
Skip to first unread message
![Álvaro Justen [Turicas]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjXBcQXThlzweDwwnyeZk0O8kG17NFWSeKqcGPhsCM3DVpfVyhJGJg=s40-c)
Álvaro Justen [Turicas]
Dec 27, 2013, 1:48:02 AM12/27/13
to py...@googlegroups.com
Hi people,
I'm thinking about use of API tokens and have some questions that I'd
like to discuss with you to drive the next features related to the
API:
- How many "features" the user will access with her token? For
example: is she able to change her password with the token?
- How many tokens (and which) a user should have? For example: one for
read-only access, another for read-write or tokens in a per-corpora
basis etc.
We may can be inspired by the way Facebook do it:
https://developers.facebook.com/docs/facebook-login/access-tokens/
You can even select what information that API token will have access:
https://developers.facebook.com/tools/explorer
(click on "Get Access Token")
What I propose:
- One "root" token that have ilimited access for the entire account
(can create corpora, upload documents, read documents' properties,
change user account data and manipulate API Tokens);
- User will be able to create customized tokens:
* Read-only token for accessing specific corpora;
* Read-write token for accessing specific corpora.
With these features we could have, for example, a research group
owning only one account and delegate access to the members or even
share a public token with read-only access to a specific research
corpus.
[]s
Álvaro Justen "Turicas"
http://turicas.info/ http://twitter.com/turicas
http://CursoDeArduino.com.br/ http://github.com/turicas
+55 21 9 9898-0141
I'm thinking about use of API tokens and have some questions that I'd
like to discuss with you to drive the next features related to the
API:
- How many "features" the user will access with her token? For
example: is she able to change her password with the token?
- How many tokens (and which) a user should have? For example: one for
read-only access, another for read-write or tokens in a per-corpora
basis etc.
We may can be inspired by the way Facebook do it:
https://developers.facebook.com/docs/facebook-login/access-tokens/
You can even select what information that API token will have access:
https://developers.facebook.com/tools/explorer
(click on "Get Access Token")
What I propose:
- One "root" token that have ilimited access for the entire account
(can create corpora, upload documents, read documents' properties,
change user account data and manipulate API Tokens);
- User will be able to create customized tokens:
* Read-only token for accessing specific corpora;
* Read-write token for accessing specific corpora.
With these features we could have, for example, a research group
owning only one account and delegate access to the members or even
share a public token with read-only access to a specific research
corpus.
[]s
Álvaro Justen "Turicas"
http://turicas.info/ http://twitter.com/turicas
http://CursoDeArduino.com.br/ http://github.com/turicas
+55 21 9 9898-0141
Flavio Coelho
Dec 27, 2013, 4:34:58 PM12/27/13
to py...@googlegroups.com
I like your suggestion. It's a good idea to start from existing models and adapt to our needs.
--
You received this message because you are subscribed to the Google Groups "PyPLN" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pypln+un...@googlegroups.com.
To post to this group, send email to py...@googlegroups.com.
Visit this group at http://groups.google.com/group/pypln.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages