-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[docs] make it easier to understand how to use the self hosted environment API #10
Comments
It is a good idea to have the UI indicating the API base endpoint. Maybe we can add it to the project settings and to the new platform dialog window. The X-Appwrite-Key header is used to pass the secret API key and should only be used when integrating with a server side language. It can be a MAJOR security issue when being used directly in your client code and this is why it's not being mentioned anywhere. |
I see.
So what the way to authenticate from postman like requests?
…On Sun, Sep 8, 2019, 23:43 Eldad A. Fux ***@***.***> wrote:
It is a good idea to have the UI indicating the API base endpoint. Maybe
we can add it to the project settings and to the new platform dialog window.
The X-Appwrite-Key header is used to pass the secret API key and should
only be used when integrating with a server side language. It can be a
*MAJOR* security issue when being used directly in your client code and
this is why it's not being mentioned anywhere.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#10?email_source=notifications&email_token=AIDPQKMAJ2ULZO7A7AOZWLTQIVPWRA5CNFSM4IUUYI7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD6FY6YA#issuecomment-529239904>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIDPQKIM5DB6JYMJPHBUEG3QIVPWRANCNFSM4IUUYI7A>
.
|
Well, its really depends on what you are trying to achieve with postman. If you are just trying out the API the best way is probably by treating it as a backend and just passing an API key. If you want to mock real user behaviour, you need to use the entire register-login flow to obtain a user session cookie, and then add it to all other requests. This might be easier if in some point we will add Appwrite as an OAuth provider on its own, and then auth process will be more straight forward from 3rd parties like postman. |
Added this just near the project ID to make life a bit easier. Committed to master branch, will be released in next version. |
…2/geoip2-2.10.0 Bump geoip2/geoip2 from 2.9.0 to 2.10.0
Tried to used the API from postman.
Searched for the base URL in the settings, with no luck. Eventually, i inferred from the code that it is
http:https://localhost/v1/
.Also, no place stated that the key should be sent as header
X-Appwrite-Key
.The text was updated successfully, but these errors were encountered: