Bug #7141

[API] Advertise anonymous token in discovery document

Added by Tom Clegg over 6 years ago. Updated 10 months ago.

Assigned To:
Target version:
Start date:
Due date:
% Done:


Estimated time:
Story points:


This will make it possible to access public data anonymously directly through the API, without going through Workbench.

Ideally Workbench (and the download service, when that happens) will also learn this from the discovery doc instead of its own config file.


Even when reading publicly accessible objects, clients must provide a valid API token. We could accept "no token provided" as being equivalent to "anonymous token", but we have decided not to:
  • it's bad enough that 404 means "the object you are requesting does not exist or is not visible with these credentials", without adding another possibility "... or ((your credentials were not received at all for some reason) and (the object you are requesting is not public))".
  • it's good to have fewer special cases in the authentication path

Aside: it wouldn't be unreasonable to use something like "*" or "-" (instead of the usual long string of random characters) as the anonymous token -- assuming there aren't any assumptions in the code base about length or allowed characters.


#1 Updated by Tom Clegg over 6 years ago

  • Description updated (diff)

#2 Updated by Ward Vandewege 10 months ago

  • Target version deleted (Arvados Future Sprints)

Also available in: Atom PDF