      story #12266 use an API key rather than a login / password
    Summary
    API consumer
    use an API key rather than a login / password

    I don't have to write down my password in a file

    Functional overview

    As a user

    In my preferences, I have a section "API Keys" where I can:

    • Generate a new key with a description

    This key will be a random string and is displayed only once at generation.

    Below the key generation I have a table that lists all the keys already generated, with their description, creation date, last used date and last used IP address, plus an action to revoke (delete) the key.

    The API key is prefixed with 'tlp-k1-' for audit purposes.

    A key can only be used for REST accesses.

    As a REST api user

    I can use the generated API key in my REST call headers:

    curl -H 'X-Auth-AccessKey: stuff' https://tuleap.example.com/...

    When using an API key there is no need to generate a token to access the REST API.

    While tokens remain accessible, the documentation of the route and the documentation of Tuleap are updated to inform people that API keys are the preferred way to access the API.

    Technical overview

    Ensure that 'last_access_date' for corresponding user is properly updated when using API key instead of tokens
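
The key lifecycle described in this story (generate once, authenticate through the `X-Auth-AccessKey` header, record last use, revoke), as an added sketch that is not Tuleap's own code. Assumptions: the `id.secret` layout after the `tlp-k1-` prefix, SHA-256 storage of the secret, the in-memory dictionaries, and the hypothetical `ApiKeyStore` class with its method names.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PREFIX = "tlp-k1-"           # prefix from the story, lets audits spot leaked keys
HEADER = "X-Auth-AccessKey"  # header name from the story's curl example

class ApiKeyStore:           # hypothetical name, in-memory stand-in for a database
    def __init__(self):
        self.keys = {}              # key id -> record; the secret itself is never kept
        self.user_last_access = {}  # user id -> last_access_date

    def generate(self, user_id, description):
        key_id = secrets.token_hex(4)    # assumed layout: prefix + id + "." + secret
        secret = secrets.token_hex(32)   # 256 bits from the OS CSPRNG
        self.keys[key_id] = {
            "user_id": user_id, "description": description,
            "hash": hashlib.sha256(secret.encode()).digest(),
            "created": datetime.now(timezone.utc),
            "last_used": None, "last_ip": None,
        }
        return f"{PREFIX}{key_id}.{secret}"  # displayed once, not recoverable later

    def authenticate(self, headers, remote_ip):
        # HTTP header names are case-insensitive
        lowered = {name.lower(): value for name, value in headers.items()}
        presented = lowered.get(HEADER.lower(), "")
        if not presented.startswith(PREFIX):
            return None
        key_id, _, secret = presented[len(PREFIX):].partition(".")
        record = self.keys.get(key_id)
        digest = hashlib.sha256(secret.encode()).digest()
        if record is None or not hmac.compare_digest(digest, record["hash"]):
            return None
        now = datetime.now(timezone.utc)
        record["last_used"], record["last_ip"] = now, remote_ip  # feeds the keys table
        self.user_last_access[record["user_id"]] = now  # the 'last_access_date' update
        return record["user_id"]

    def revoke(self, user_id, key_id):
        record = self.keys.get(key_id)
        if record is None or record["user_id"] != user_id:
            return False             # only the owner can revoke a key
        del self.keys[key_id]
        return True
```

Because only a hash is stored, a dump of the key table does not yield usable keys, which is what makes "displayed only once" enforceable.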

    axel.bodoignet@st.com, Nouha Terzi (terzino), Denis PILAT (denis_pilat)
    Status
    Done
    Development
    • [ ] Does it involve User Interface?
    • [ ] Are there any mockups?
    • [ ] Are permissions checked?
    • [ ] Does it need Javascript development?
    • [ ] Does it need a forge upgrade bucket?
    • [ ] Does it need to execute things in system events?
    • [ ] Does it impact project creation (templates)?
    • [ ] Is it exploratory?
    Details
    #12266
    Manuel Vacelet (vaceletm)
    2018-10-05 15:31
    2018-09-13 14:16
    4310

    References

    Follow-ups

    Thomas Gerbet (tgerbet)2018-10-03 09:03
    Marking the story as done, all the acceptance criteria have been covered.

    • Status changed from On going to Done
    Thomas Gerbet (tgerbet)2018-09-28 11:21
    Updating the name of the header to match the one used everywhere else for this feature.

    • Acceptance criteria

    API key + token is overkill and brings no security gain so API key be used instead of token

    • Acceptance criteria
    • CC list set to Denis PILAT (denis_pilat), Nouha Terzi (terzino), axel.bodoignet@st.com
    Thomas Gerbet (tgerbet)2018-09-13 14:37
    • Acceptance criteria
    • So that
    • Acceptance criteria