Allow to generate API token
Problem to solve
The only way to make write action with the API is the application secret. This is not ideal when we need to share this secret with multiple peoples.
Proposal
- Prevent the usage of the application for API call (Breaking Change)
- Add new endpoints to generate token (require to be logged in or give the application secret)
- The token should be time limited (or at least add expiration by default)
- The token should include a field with customizable value to store the owner of the token (to trace to who we give the tokens)
- API call should be logged with the owner of the token (
anonymous
otherwise) -
API call rate should be limited=> Moved to #136 (closed)anonymous
=> 50/hourswith a token => 1500/hours
Edited by Guillaume MARTINEZ