The Intervals Forum is read-only
Please head to help.myintervals.com for help articles and guides. If you have any questions, please contact our support team.

API

Using the API with large numbers of executive users


  1.  

    Hi,

    We're looking at integrating Intervals with our existing admin site using the API. We already have a list of users in our admin site, and many of these are set up as executive users in Intervals (we're happy to keep maintaining two lists).

    We want each admin site user to access their corresponding Intervals user account, but the only way we can see to do this is to send them to the API page and get them to copy-paste the API token. That's fine for some users, but this work would be for those clients who struggle using Intervals anyway (and computers in general).

    Are there any more user-friendly solutions?

    • cameron
    • Jul 21st 2011 edited @ 07/21/2011 9:24 am
     

    Hello,

    Part of the reason we decided to go with tokens as an authentication mechanism was specifically to try to strike a balance between security and usability. Ultimately, we wanted to discourage developers from storing people's usernames and passwords in their applications. Rather, we wanted a system that would allow a user simple control over API access that was separate from his normal Intervals authentication. And we wanted to make sure that Intervals users were fully aware that they were allowing another application to access their Intervals data by granting them this token.

    Now, we understand there's nothing preventing an application developer from prompting a user for his/her username and password, navigating to the API token page in the background, and retrieving the token from there (or even creating one if it does not exist). Though we discourage this practice, it may be an end run solution for your company's purposes.

    Some stricter forms of authentication (3rd-party authentication like OAuth, used by Facebook) force users to log in to the user's account on the source site through a web browser, enter their credentials, and specifically grant access to the app requesting it (before returning to the application). While more secure, they have many more steps and are much more cumbersome. If your users are familiar with that process (if they have Facebook accounts, they probably are), you can perhaps automatically direct them to the API token page (https://{YOUR_DOMAIN}/account/api/). If they are not logged in, they can enter their credentials and will be directed to the proper page afterward.

    I hope this information helps.

    Cameron

  2.  

    OAuth does have several steps, but it works quite well by presenting the user one question at a time and then forwarding them on to the next question (which Intervals wouldn't).

    I think I'll probably add an iframe with the API token page to our site; that way I can provide my own instructions around the iframe. Not really keen on it as a solution, but more for philosophical reasons than practical ones (teaching users to enter their password for one site into another site).
