How to authenticate the API with only the password for private blogs

Dear Fellows,

is there a possibility to use the api only with the password that I use for my private blog? I do not want to store my account data inside an javascript, even if it is a private blog.



Could you share a bit more about what you’re trying to do? Are you trying to pull in your private blog posts? Are you building a web page or application that interacts with the API?

Dear Matt,

when was the last holyday for you? When I read the last hundred comments from you I have to say: Matt, you are stuck in a burnout-syndrome! its time to do a long, fine, relaxing holyday! This is a demand!

Back to business: In my blogs articles I often use Javascript to play along with things. Getting groups of tags, getting a bunch of posts, creating tables with some links to special articles inside my blog. To do so, its the best way to use this FINE api, the writeas-API. When you want to use the api, you must authenticate on the api. to do this you must use the credentials you use for managing/creating blogs/posts etc. This is SHIT! Because in the javascript the this credentials must be used, and this way any reader of one of this articles gets this credentials and can do with my blog what he wants.

Solution 1: Inside the blogs configuration add a possibility to save a user/pass combination to get access to this blog when using the api. this user should only get reading access in the api, because it is public. you also could let the server lets create a cryptic password, user/pass-combination is not so important, but this credentials only allow reading access through the api.
Solution 2: for password-protected private blogs use this password as credentials to the api. also this credentials garant only reading access to the blog trough the api

Much work :slight_smile:

Greets, Dietrich

Hej Matt,

there is no need to fix this next time. Iam fine, when I can use the api with the alias/pass - Combination for the next weeks. But it would be a pretty nice idea, that you generally create e secret for each blog, wich give you reading access to the collection, this secred you can use in every javascript - code without sorrows, that anybody plays buggywoogy with your blog.

Cheers, Dietrich

Again: One Pina Collada in forehappyness for your next holyday :):slight_smile: