•  
      story #12266 use an API key rather than a login / password
    Summary
    API consumer
    use an API key rather than a login / password

    I don't have to write down my password in a file

    Functional overview

    As a user

    in my preferences, I have a section "API Keys" where I can

    • Generate a new key with a description

    This key will be a random string and is displayed only once at generation.

    Bellow the key generation I have a table that lists all the keys already generated with their description, creation date, last used date and last used IP address + action to revoke (delete) key.

    API key is made with prefixed with 'tlp-k1-' for audit purpose.

    A key can only be used for REST accesses.

    As a REST api user

    I can use the generated API key in my REST call headers:

    curl -H 'X-Auth-AccessKey: stuff' https://tuleap.example.com/...

    When using API Key there is no need to generate a token to access the REST API.

    While tokens remains accessible, the documentation of the route and the documentation of Tuleap is updated to inform people about API keys being the prefered way to access the API.

    Technical overview

    Ensure that 'last_access_date' for corresponding user is properly updated when using API key instead of tokens

    Empty
    axel.bodoignet@st.com, Nouha Terzi (terzino), Denis PILAT (denis_pilat)
    Status
    Done
    Development
    Empty
    Empty
    Details
    #12266
    Manuel Vacelet (vaceletm)
    2018-10-05 15:31
    2018-09-13 14:16
    3693

    References

    Follow-ups

    • User avatar
      gerrit #12804 intergated into Tuleap 10.5.99.135
    • User avatar

      gerrit #12798 integrated in Tuleap 10.5.99.132

    • User avatar
      Marking the story has done, all the acceptance criteria has been covered.

      • Status changed from On going to Done
    • User avatar
      gerrit #12732 integrated into Tuleap 10.5.99.93
    • User avatar
      gerrit #12725 integrated into Tuleap 10.5.99.89
    • User avatar
      gerrit #12728 integrated into Tuleap 10.5.99.85
    • User avatar
      gerrit #12714 integrated into Tuleap 10.5.99.81
    • User avatar

      gerrit #12699 integrated in Tuleap 10.5.99.74

    • User avatar
      Updating the name of header to match used everywhere else for this feature.

      • Acceptance criteria
    • User avatar

      gerrit #12707 integrated in Tuleap 10.5.99.66

    • User avatar
      gerrit #12706 integrated into Tuleap 10.5.99.65
    • User avatar
      gerrit #12696 integrated into Tuleap 10.5.99.60
    • User avatar
      gerrit #12690 integrated into Tuleap 10.5.99.53
    • User avatar
      gerrit #12687 integrated into Tuleap 10.5.99.51
    • User avatar
      gerrit #12680 integrated into Tuleap 10.5.99.45
    • User avatar
      • Status changed from To be done to On going
    • User avatar

      APIkey + token is overkill and brings no security gain so API key be used instead of token
       


      • Acceptance criteria
      • CC list set to Denis PILAT (denis_pilat), Nouha Terzi (terzino), axel.bodoignet@st.com
    • User avatar
      • Acceptance criteria
    • User avatar
      • So that
      • Acceptance criteria