I am trying out a RESTful API that has OAuth. I have the API base Url, the API key and the Secret.
Is it possible for me to hit that API through firefox (need to be able to choose Request Method and supply OAuth info)?
Look at https://addons.mozilla.org/en-US/firefox/addon/restclient/. It surely has OAuth support. The UI is also excellent.
Have you looked at the Poster extension? I believe it has authorization support.
https://addons.mozilla.org/en-US/firefox/addon/poster/
http://code.google.com/p/poster-extension/issues/detail?id=55
HttpRequester is really easy and fast to use. Its shortcut is Alt+Ctrl+P
Related
I am working on an automation tool that does not support Oauth specifically, but it supports adding URLs, payloads and has the following authentication methods: Basic, Digest, API Keys.
Is there a way to work around OAuth where I only use the above information and without using a callback URL so that the process is programmatic ?
Not enough information is available on this, but I tried with Google mail and had no luck.
I just watched this video about why JWT's suck. I'm now uncertain what I should use for authentication.
For context: The API I wrote is mainly used by mobile Apps (iOS and Android). In the future it will also be accessed via a React Frontend.
In the past I just used DRF's build in Token authentication. The phone would then just store this token in the storage of the respective app.
Now I've recently been told, that this is not safe and that I should use JWT's. While researching JWT's I found the video above, which elaborates on why JWT's suck and basic session authentication is better. But as far as I know, when used as an API I can't use session authentication with DRF, can I?
So my question is? What tools of DRF would you suggest to use for authentication, so that it's safe?
Thank you in advance if anyone answers this question!
Edit: Someone privately suggested using O-Auth instead of DRF's tokens or JWT's. Would that be better?
Take a look at django-oauth-toolkit for OAuth 2
So here is my duplicate of the question on security stackexchange. The man #rdegges himself has answered it. Enjoy! https://security.stackexchange.com/questions/184855/django-rest-framework-what-should-i-use-for-authentication-how-should-i-use-it/184950#184950
When creating chrome extensions that play with the youtube data api, the api key is used. But is there any other way to get data from google servers instead of exposing our personal api key in the xmlhttprequest, apart from the naive way of asking the user to create his/her own api in their account and input that to use it in the extension?
I would refer to Google for best practices.
https://support.google.com/cloud/answer/6310037?hl=en
You could use OAuth 2.0 credentials, obtain an access token through chrome.identity API, and then use that token in the XMLHttpRequests.
i am developing an internal tool for bugtracking at my company. My question is: Will the support for the api-key based authorisation stop with asana connect?
We know the adventages about OAuth. But we are only a few people and we dont really need the OAuth - based stuff. We would like to use the old API authorisation.
Any chance?
Greetings from Germany,
Karsten
OAuth is a better choice for client applications, but for some cases (automated internal integration with SCM or bug management, etc., which it sounds like is the case you're talking about) the API key still makes sense.
If we ever deprecate the old API key, you can be sure we'll make it just as easy to get a one-off OAuth token for similar use cases.
Is basic/digest auth sufficient for a google chrome extension to authenticate into a web based API? Can someone hack into it? I thought that I dont need OAuth because the API is not a 3rd party API but part of my service (for which I plan to create an API and the Google Chrome extension which will use the API...)