ForumsDevelopersDirect API access with user/pass (or some other user-specific ID


Direct API access with user/pass (or some other user-specific ID
Author Message
chimericdream

Posted: Jul 24, 2016
Score: 0 Reference
I am working on a basic Node.js implementation for the Toodledo v3 API. It will be designed to work for a single user at a time, and should be able to run without user interaction, so the current method of prompting a user for authorization every so often is more than a little crippling. My ultimate goal is to make something that I can slot into a set of other APIs to perform fine-grained tasks that are more than what sites like IFTTT offer, but less than a full-featured application. The code will be available for other people to use, but I have no plans to turn it into an app where other people's data is funneled through my server.

I had a look through some of the old API docs, and it looks like the v1 API supported something akin to a "single user mode" where you could use your personal user ID to make API calls. Does something like this exist for v3? I wasn't able to find any indication that it does.

Thanks.
Jake

Toodledo Founder
Posted: Jul 25, 2016
Score: 0 Reference
The only way to authenticate with APIv3 is via OAuth. This is for security reasons. It is a very bad idea to have the user's password stored inside your app, especially if it is stored in plain text.

It should be possible to do what you want with OAuth. The user would have a one-time authentication via the OAuth flow and then you store the access and refresh tokens. As long as you refresh your tokens once a month via the API, you will never have to ask the user to sign in again.
chimericdream

Posted: Jul 25, 2016
Score: 0 Reference
I suspected that would be the official answer. I wasn't overly concerned with the prospect of storing credentials in my application, because it is going to be a Node app running on a computer I own and only storing my personal credentials. That said, I understand the reasoning behind it. In anticipation of this, I have started moving toward a solution similar to what you described.

Thanks for the reply.
Jake

Toodledo Founder
Posted: Jul 26, 2016
Score: 0 Reference
If it's just for you, you could use the API playground to generate the tokens and then just copy and paste them into your app.

https://api.toodledo.com/3/playground.php

This way, you don't have to build the entire OAuth flow into your app.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.