[OSM-dev] API authentication
steve at asklater.com
Mon May 14 01:34:16 BST 2007
Some quick tests and it looks trivial to be able to restrict API
authentication to just POST/DELETE/whatever requests.
What does this mean?
If JOSM or $EDITOR were to set Accept: headers on their request then
they could be given text/xml OSM data. If Accept: wasn't present
then, say, JSON could be returned or text/html. You could also throw
back rdf and so on. I'm personally far more interested in JSON or
html browsing of the api than rdf. JSON especially should make people
building web interfaces much happier.
The downside is that there's more work maintaining different encodings.
The simplest possible thing that could work as a first step is to
turn off requiring authentication for GET requests. I haven't just
done it in case it horribly breaks some client or other, but really
it's only 2 lines of code to do it.
I'm now off to investigate johns Way.find() idea.
SteveC | steve at asklater.com | http://www.asklater.com/steve/
More information about the dev