API key and shared secret for an end-user software

[Johan Nilsson]

Hi!

I am currently building an open-source piece of software intended to end-users. I've got my API key and shared secret. Since this software I'm developing is for end-users, how do I use my API key and shared secret? Are those to be regarded as specific to the software or to the user? I mean, should each user of my software have to get their own API key and shared secret or can I put those in the software?

[jcolem...@gmail.com]

Without knowing exactly what type of application you're building, it's hard to say exactly but I'll give my thoughts.

You wouldn't have each user get their own key and shared secret.

Follow the process for user authentication here: https://www.rememberthemilk.com/services/api/authentication.rtm

Once you get the token for the user, you can store that with the user profile in your database.

You may know this but since you mentioned that it will be open-source, I should mention to make sure that you don't commit your key and secret into your source code. It should rather be used as an environmental variable on your server.

[Goo...@codewax.org]

Hi,

They are for the software not per user. Use them to get a token from the API for each user and then use the token to interact with their account on their behalf.

Give this page of the docs a read for more information, https://www.rememberthemilk.com/services/api/authentication.rtm

Chris.

[Johan Nilsson]

Thanks for the heads up regarding not committing the API key and shared secret to VCS.

I should have been more clear with the software I'm developing. It's a program run in the terminal by a single user. That user should log in to their account either interactively or by having their credentials in a config file. When logged the program can do calculations on chosen lists or smartlists (for example, total estimated time for each priority level, all tasks that have a combined time estimation of less than or equal to 8, that sort of thing). It should also be able to add tasks from a CSV file the program parses. The program is mainly for my own purposes and specific needs, but I thought why not also share it with the world.

So, my problem is that the users are not centrally stored as they would if the software were running on a web server. My intention is to have a stand-alone program that anyone can download and run locally on their own system. Is this possible for me to do? My only experience with API keys for other services has been developing web based applications run on a server.

[Jonathan Coleman]

Yeah, I think in that case you could either have the user get their own API key (probably the best in your case) or initiate the same authentication process from the command line and store the resulting key in a config file. The problem with the latter approach is that you'd have to include your own API key unless you built a server application strictly used for authentication.

Jonathan Coleman

--

---
You received this message because you are subscribed to the Google Groups "Remember The Milk API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rememberthemilk...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rememberthemilk-api/912d6abf-5e05-43db-97bd-8e5069374871n%40googlegroups.com.

[Johan Nilsson]

Thanks Jonathan for your help! I will go for your first solution and require other users to get their own API key and shared secret. No need to complicate things, especially since it will most likely be only me who will use the software. :)

// Johan Nilsson