Open extra topbar

If you are new here, please see some information on how to ask for support. Thank you!

[Feature Request] API Key Auth instead of Login Creds

dashed-slug.net Forums General discussion [Feature Request] API Key Auth instead of Login Creds

Viewing 10 posts - 16 through 25 (of 25 total)
  • Author
    Posts
  • #6069
    phiten
    Participant

    Whats the ugly path for the get_transactions? https://example.com/?__wallets_apiversion=3&__wallets_action=get_transactions how to add these values?: /SYMBOL/COUNT/FROM from the fancy path

    #6072
    alexg
    Keymaster

    About your question regarding transactions, here’s a complete example:

    https://example.com/?__wallets_apiversion=3&__wallets_action=get_transactions&__wallets_tx_count=10&__wallets_tx_from=0&__wallets_symbol=BTC

    This would retrieve the first 10 BTC transactions. Don’t forget to add authentication parameters to your call.

    You can always observe the XHR requests in your browser to see how the plugin does it.

    This is where the GET parameters get passed into the PHP API:

    https://github.com/dashed-slug/wallets/blob/4.2.0/includes/json-api.php#L1157-L1168

    And the relevant PHP API:

    https://wallets-phpdoc.dashed-slug.net/classes/Dashed_Slug_Wallets_PHP_API.html#method_api_transactions_filter

    with regards

    #6116
    phiten
    Participant

    Hi Alex,

    do you have an ETA when the user_id is reported by the get nonce json call?

    Regards
    Philipp

    #6117
    alexg
    Keymaster

    Hi Phillip,

    Looking into this a bit further:

    The get_nonces API call can by design only be performed by a logged-in user (i.e. with the cookies method, going through wp-login.php). This is typically done by a browser but does not have to be.

    My original intention was to be able to display the user_id and api_key with the [wallets_api_key] shortcode, so that the user is then able to enter it into some other application and grant access. But the user must first login to the website to obtain this information.

    I am curious, what your login workflow would be? If the user can already login, what’s the use of having a user_id and key? What type of credential would the user provide to your application via your UI?

    #6118
    phiten
    Participant

    Hi Alex,

    as I wrote in the beginning I don’t want to store the login creds on the phone where our app runs on. The initial auth will be via login and then receive the API Key, UserID and nonces. All future requests are made with the API Key. Alternatively (which I would prefer as it is the standard for the most APIs) drop the need of the userID in the JSON API. So the authentication would be only done via the APIKey.

    I hope it’S clear what I mean.

    Regards
    Philipp

    #6119
    phiten
    Participant

    This is an example auth within the app:

    https://coinvault.one/login/?redirect_to=https%3A%2F%2Fcoinvault.one%2F%3F__wallets_apiversion%3D3%26__wallets_action%3Dget_nonces

    This opens the in app browser and lets the user login then the automatic redirect to the get_nonces JSON api happens and the app takes the information and securely stores and encrypts them.

    #6120
    alexg
    Keymaster

    Dropping the user_id requirement is something that I would like to do, as it is the best solution. I hadn’t found an efficient way to do this yet but it is the correct solution.

    As this will go into JSON API 4, I cannot provide an estimate. As a general rule I only provide estimates for defects, not new features, since it is impossible to estimate how long things take.

    I will look into how to eliminate the requirement for a user_id argument and let you know.

    with regards

    #6121
    phiten
    Participant

    Or just add the userID to the get_nonces api key as a little workaround so it’s working in the first place.

    #6128
    alexg
    Keymaster

    Hello,

    I have modified version 3 of the JSON API in plugin version 4.2.1. The __wallets_user_id argument is now ignored. If you specify an API key in your calls, the effective user whose data is returned, is always the user who corresponds to the given API key.

    with regards

    #6130
    phiten
    Participant

    OK great thanks.

    Regards
    Philipp

Viewing 10 posts - 16 through 25 (of 25 total)
  • You must be logged in to reply to this topic.