Bug #7141

[API] Advertise anonymous token in discovery document

Added by Tom Clegg almost 4 years ago. Updated almost 4 years ago.

Status: New
Priority: Normal
Assigned To: -
Category: API
Target version:
Start date: 08/26/2015
Due date:
% Done: 0%
Estimated time:
Story points: -

Description

This will make it possible to access public data anonymously directly through the API, without going through Workbench.

Ideally Workbench (and the download service, when that happens) will also learn this from the discovery doc instead of its own config file.

Background

Even when reading publicly accessible objects, clients must provide a valid API token. We could accept "no token provided" as being equivalent to "anonymous token", but we have decided not to:
  • it's bad enough that 404 means "the object you are requesting does not exist or is not visible with these credentials", without adding another possibility "... or ((your credentials were not received at all for some reason) and (the object you are requesting is not public))".
  • it's good to have fewer special cases in the authentication path

Aside: it wouldn't be unreasonable to use something like "*" or "-" (instead of the usual long string of random characters) as the anonymous token -- assuming there aren't any assumptions in the code base about length or allowed characters.

History

#1 Updated by Tom Clegg almost 4 years ago

  • Description updated (diff)
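
The trade-off described under Background, as a small model added here (it is not Arvados code and not part of the ticket): it compares what a client sees when its token never reaches the server under the rejected "no token means anonymous" rule and under the chosen rule. The token values, object names, the `missing_means_anonymous` switch and the 401 status for a missing token are assumptions made for the illustration.

```python
# Toy model of the ticket's argument. All names and values are constructed.
from typing import Dict, Optional

# Constructed placeholder; in the ticket's proposal the real value would be
# advertised in the discovery document.
ANON_TOKEN = "anon-token-placeholder"

# token -> user. The anonymous token is an ordinary row in the same table,
# so it takes the same lookup path as any other token.
TOKENS = {ANON_TOKEN: "anonymous", "alice-token-placeholder": "alice"}

# object id -> users allowed to read it
OBJECTS = {"public-obj": {"anonymous", "alice"}, "private-obj": {"alice"}}


def get_object(obj_id: str, token: Optional[str],
               missing_means_anonymous: bool) -> int:
    """Return the HTTP status a read of obj_id would produce."""
    if token is None and missing_means_anonymous:
        token = ANON_TOKEN  # the special case the ticket decides against
    user = TOKENS.get(token) if token is not None else None
    if user is None:
        # Assumption: a missing or unknown token is reported as an
        # authentication failure, distinct from "not found".
        return 401
    if user not in OBJECTS.get(obj_id, set()):
        # Does not exist, or is not visible with these credentials.
        return 404
    return 200


def diagnose(missing_means_anonymous: bool) -> Dict[str, int]:
    """Statuses seen by a client whose token was lost before reaching the API."""
    return {obj: get_object(obj, None, missing_means_anonymous)
            for obj in ("public-obj", "private-obj", "no-such-obj")}


if __name__ == "__main__":
    print("no token == anonymous:", diagnose(True))
    print("token required:       ", diagnose(False))
```

With the special case enabled, the client that lost its token gets 404 for the private object, which it cannot tell apart from a nonexistent one; with a token required, every request fails the same way and points at the credentials.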
