[openstreetmap/openstreetmap-website] API key dispenser (#2145)

Frederik Ramm notifications at github.com
Fri Feb 15 07:01:40 UTC 2019

Can you explain the "big picture" of this, or if it has already been explained elsewhere, link to it? 

If we implement access restrictions to certain parts of the web interface as detailed in https://wiki.openstreetmap.org/wiki/GDPR/Affected_Services, is this API key scheme expected to let people access the various endpoints listed there? If yes, how would you suggest that the API key is transported from the client to the server, and how would it be checked?

If an API key gives you special powers (namely to access data governed by an agreement that you as a logged-in user have "signed", to safeguard GDPR limits), then should there perhaps be an "explainer" when you create an API key, that basically says be careful with this, by generating this you take responsibility for all access made with that key, etc.etc.?

Would it make sense for API keys to expire if not renewed regularly?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190214/3318b12d/attachment.html>

More information about the rails-dev mailing list