[#670] Need REST call for getToken

Migrated from Redmine #670 | Author: Anum Qudsia
Status: Rejected | Priority: Low, I can wait | Created: 2021-03-23

Hi,

I want a REST call for getToken. Right now I am only able to use /auth api which looks like this (see below). However, I am making this call from my backend code and we actually should be using API-key instead. Please provide me with the getToken equivalent call for REST api.

POST https://user-api-v2.simplybook.me/admin/auth
Content-Type: application/json

{
“company”: “”,
“login”: “”,
“password”: “”
}

Regards
Anum

Redmine Admin wrote:

there is no rest calls to get tocken

Dmytro Bondarev wrote:

Currently REST API is available only for admin side and you have to login to it via user credentials.
The getToken is public API.

Anum Qudsia wrote:

How can it be safe to store admin password on server? I am making an application where we need to get the bookings and my client doesn’t want to enter admin password everytime.

Redmine Admin wrote:

you should not store password but ask user to insert it when needed.

Anum Qudsia wrote:

Ok, but still it is not safe to send the login/password in body either. Can be read in the logs. Should have a better solution to this

Dmytro Bondarev wrote:

The token/api key as well can be read in logs and with token/api key you can do the same.
That is why you should always use ssl.

Anum Qudsia wrote:

Ok thanks for feedback, I have now convinced my client to enter the password instead.

By SSL you mean we have all communication over https right? I haven’t installed any additional SSL certificates myself. I am using Firebase backend.

Dmytro Bondarev wrote:

By SSL you mean we have all communication over https right?
Yes, correct.

Anum Qudsia wrote:

Splendid.

(Short original content)