[OSM-dev] API authentication

SteveC steve at asklater.com
Mon May 14 01:34:16 BST 2007

Some quick tests and it looks trivial to be able to restrict API  
authentication to just POST/DELETE/whatever requests.

What does this mean?

If JOSM or $EDITOR were to set Accept: headers on their request then  
they could be given text/xml OSM data. If Accept: wasn't present  
then, say, JSON could be returned or text/html. You could also throw  
back rdf and so on. I'm personally far more interested in JSON or  
html browsing of the api than rdf. JSON especially should make people  
building web interfaces much happier.

The downside is that there's more work maintaining different encodings.

The simplest possible thing that could work as a first step is to  
turn off requiring authentication for GET requests. I haven't just  
done it in case it horribly breaks some client or other, but really  
it's only 2 lines of code to do it.

Discuss :-)

I'm now off to investigate johns Way.find() idea.

have fun,

SteveC | steve at asklater.com | http://www.asklater.com/steve/

More information about the dev mailing list