Look up app token?
Peter Scott

Posted: Nov 20, 2010
Score: 0 Reference
Is there an API for looking up the app token for a given app id? That's a one-to-one mapping, right? App ids are easier for people.
Jake

Toodledo Founder
Posted: Nov 20, 2010
Score: 0 Reference
There is no reason why your customer should ever need to know about the app token or the app id. They are both used only for communicating with the API, and they never change for the life of the app, so you should hard-code them into your app. Your app token is a secret password that you should never give out to anyone. It is used for authenticating your app.
Peter Scott

Posted: Nov 20, 2010
Score: 0 Reference
I'm rewriting the App::Toodledo Perl module for API V2 and so it is used for writing apps. So I didn't see the need for specifying both the app ID and the app token for getting the session token since one is completely determined by the other. Is there a conversion mechanism?
Jake

Toodledo Founder
Posted: Nov 22, 2010
Score: 0 Reference
The AppID is like a username and the App Token is like a password. You need both, just like you need both to sign into any website. You should just provide a way for developers who are using your library to define both values. And you should take care to keep the app token a secret, since it acts like a password.
haeffb

Posted: Dec 01, 2010
Score: 0 Reference
webOS apps are written in JavaScript and the source code is freely viewable on the device. There is no way to keep an app token "secret" in a webOS app.
Jake

Toodledo Founder
Posted: Dec 01, 2010
Score: 0 Reference
In that case, it would be possible for someone to spoof your application. I don't know why anyone would do this, but if you are worried about this, then you'll need to find a way to keep the password a secret, maybe by routing sync requests through your own server, which would keep the password a secret.
andi

Posted: Feb 07, 2011
Score: 0 Reference
I think this is an issue for all open source applications.
I'm working on a Toodledo Client for Windows, but I currently do not know what to do about the app token, because I want to publish the application's source code.

What is the worst thing that could happen if someone else knew the app token?
Jake

Toodledo Founder
Posted: Feb 07, 2011
Score: 0 Reference
The worst thing that can happen from someone knowing your app token is that they create a different app that syncs poorly and triggers the rate-limiting code designed to protect our servers, which would cause your app token to be blocked and your customers would no longer be able to sync because Toodledo would think that your app was abusing the API.
andi

Posted: Feb 10, 2011
Score: 0 Reference
Okay, I think I'm willing to take that risk.
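
The thread suggests routing sync requests through your own server to keep the app token secret, and names a blocked token from rate limiting as the worst case. The sketch below is an added example of that relay logic, not code from any poster or from Toodledo. The parameter names `appid` and `apptoken`, the limits, and the way credentials are attached to the upstream request are assumptions, since the thread does not describe the API's wire format.

```javascript
// Added illustration: relay-side logic for keeping an app token off client devices.
// Parameter names ("appid", "apptoken") and the limits are assumptions, not Toodledo's API.
const CREDENTIAL_FIELDS = ["appid", "apptoken"];

// Sliding-window limiter keyed by client, so one noisy client cannot
// exhaust the quota that the upstream service applies to the shared app token.
class ClientThrottle {
  constructor(maxRequests, windowMs) {
    this.maxRequests = maxRequests;
    this.windowMs = windowMs;
    this.hits = new Map(); // clientId -> timestamps of accepted requests
  }
  allow(clientId, now) {
    const recent = (this.hits.get(clientId) || []).filter((t) => now - t < this.windowMs);
    const ok = recent.length < this.maxRequests;
    if (ok) recent.push(now);
    this.hits.set(clientId, recent);
    return ok;
  }
}

// Build the parameters the relay would send upstream. Anything the client
// supplied under a credential name is dropped; the server-held values win.
function relayRequest(clientId, params, secrets, throttle, now = Date.now()) {
  if (!throttle.allow(clientId, now)) return { status: 429, forward: null };
  const forward = {};
  for (const [key, value] of Object.entries(params)) {
    if (!CREDENTIAL_FIELDS.includes(key.toLowerCase())) forward[key] = value;
  }
  return { status: 200, forward: { ...forward, ...secrets } };
}

// Copy of the outgoing parameters that is safe to write to a log.
function redactForLog(forward) {
  return { ...forward, apptoken: "[redacted]" };
}

// Constructed sample values; a real relay would load these from server-side config.
const demoSecrets = { appid: "example-app", apptoken: "example-secret" };
const demoThrottle = new ClientThrottle(2, 60000);
for (const n of [1, 2, 3]) {
  const r = relayRequest("device-A", { action: "sync", apptoken: "spoofed" }, demoSecrets, demoThrottle, n * 1000);
  console.log(n, r.status, r.forward && redactForLog(r.forward));
}
```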