Feature #8529

Get the API key of the user through REST API

Added by Alex Last over 6 years ago. Updated over 4 years ago.

Status:ClosedStart date:2011-06-04
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:REST API
Target version:2.3.0
Resolution:Fixed

Description

I'm trying to write an automated test in Redmine Java API for case when getUsers() throws AuthorizationException for non-admin.

to do that, I first create a new user through REST API (using admin account), and then I want to send "getUsers()" request with the new user's API access key.
the problem is that I don't see a way to retrieve the API key of the user I just created.
I understand this is probably due to security reasons.
what's the right way to solve this problem?

it would be great if REST API supported the concept of "login" so that REST users would be able to "login" through REST API using their login&password (instead of API access key!) and then they'd receive some "session key" they could use temporarily for this session.

this would eliminate the problem I described above, and plus simplify the REST API usage in various UIs (people are often confused about "api access key", they want to use their login&password).

Associated revisions

Revision 11518
Added by Jean-Philippe Lang over 4 years ago

Add user's API key to /users/current.format (#8529).

Revision 11570
Added by Jean-Philippe Lang over 4 years ago

Merged r11518 from trunk (#8529).

History

#1 Updated by Alex Last over 6 years ago

never mind, feel free to close this request. I see basic HTTP auth is supported, so no API key is required. I can specify user's password when creating the user, so this solves my problem.

#2 Updated by Frank Schwarz over 4 years ago

It would be great for (mobile) apps to retrieve the API key:

  1. the mobile app asks for username and password
  2. the mobile app logs in using basic authentication (with an https url)
  3. the app retrieves the api key of the currently logged in user
  4. the app stores the api key permanently for authenticating the user the next time

#3 Updated by Jean-Philippe Lang over 4 years ago

  • Subject changed from get the api key of the user through REST API to Get the API key of the user through REST API
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.3.0
  • Resolution set to Fixed

Good point. API key added in r11518 to /users/current.format.

#4 Updated by Jean-Philippe Lang over 4 years ago

  • Status changed from Resolved to Closed

Merged.

Also available in: Atom PDF