Does API Really Require a User Name?

Printer Friendly Version Attach Files

wdavatar?user=ed-johnson
Ed Johnson
14 Jul 2010 00:56. Edited 0 times. (Edit, Permalink)

I don't think a user name is actually required to use your API key. I was fooling around with STE API settings while working on the documentation page I just created and discovered that I could put anything or nothing in the user name field and I can still import, export and preview pages.

According the the API docs:

You must use HTTP Basic Authorization with the following credentials:

  • user: the name of application that connects to API
  • password: the unique API key of a user

user and name of application are not very clear, but it appears that the API key is what is doing the authentication and the user field is used to create some unique internal name or something.

Can others test and confirm or deny my findings?

Included page "inc:signature" does not exist (create it now)

wdavatar?user=leiger
leiger

14 Jul 2010 01:14. Edited 0 times. (Edit, Permalink)
You're right, that is strange. I just changed my username field to something completely different and it still worked fine. So the API key is all that is needed to authenticate through the API.

I think this is a question that needs to be asked on developer.wikidot.com — it may be worth me removing that username field in the next version of STE to make things simpler. Or at the very least, I could leave it there but try to get the user.valid method working. I assume the purpose of that method is to check a username against an API key to see if they match.

Included page "inc:signature" does not exist (create it now)

wdavatar?user=james-kanjo
James Kanjo

18 Jun 2011 15:43. Edited 0 times. (Edit, Permalink)
I think that “user name” thing was supposed to be the name of the API client being used… i.e. “STE” is using API key “asdfasdf”.

Included page "inc:signature" does not exist (create it now)

wdavatar?user=leiger
leiger

19 Jun 2011 01:59. Edited 0 times. (Edit, Permalink)
Yes, the user and password fields are actually used for Application Name and API Key, respectively.

Currently the application name is not actually used by Wikidot at all, but as far as I understand you will be able to set application-specific settings (or app-specific API keys) in the future and this may be how an application identifies itself (user = application API key, password = user API key).

Included page "inc:signature" does not exist (create it now)

Post Reply

Add reply on "Does API Really Require a User Name?"

Printer Friendly Version Attach Files

CSS Theme, Images and Code on this website are © Shane Smith 2010-2012. All forum posts by users and documentation licensed under Creative Commons BY-NC-SA 3.0 License.