On Wed, 16 Nov 2011 21:56:09 -0800, Victor Boctor <vic...@futureware.com.au> wrote: > I've been thinking about the same thing recently. Even though we can argue > that for the API to have feature parity with the web version, we should > provide anonymous access, I'm reluctant to enable this without some sort of > API key that can identify a consumer and can allow measuring load and > blocking when necessary. > > I'm also in favor of supporting the concept of an API key even for normal > users, and not just for anonymous access. This is of course until we > support OAuth or something similar. > > Thoughts are welcome though...
Anonymous SOAP access is already possible. The admin just needs to modify api/soap/mc_config_inc.php to set the access threshold to allow VIEWER accounts. Once that's done, then SOAP applications can get "anonymous" access using the same anonymous user account configured for normal browser clients, or by creating a single VIEWER account with a known password. Having said that, I think that implementing some form of API-key system would be better, if only because it would get user passwords out of SOAP client configuration files. Cheers -- John Reese noswap.com ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ mantisbt-help mailing list mantisbt-help@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mantisbt-help
