KAuth resources

Discussion in 'Building with the Kayako API' started by Phil R, Jul 13, 2016.

  1. Phil R

    Phil R Established Member

  2. Jamie Edwards

    Jamie Edwards Staff Member

    Hi Phil

    The Kayako platform supports:
    • Basic auth (HTTP username and password)
    • OAuth 2.0
    • API-key based authentication (still tied to a user, though).
    We only support the first right now and will be rolling out detail and official support for the OAuth and API key in due course.
     
  3. Phil R

    Phil R Established Member

    Ah, makes sense - The docs may want to make that clearer.

    Are there tentative timeline for #3?

    I for one will not be sharing my account password on a server disk, so the only way I can see around this short term is to consume a unique license dedicated to the API.
     
  4. Jamie Edwards

    Jamie Edwards Staff Member

    Within the next 3 months for the other auth options. Regarding using a unique license, we recommend you do that anyway - all actions made via the API will be made under the authenticated user (API keys are linked to user accounts, too).
     
  5. Phil R

    Phil R Established Member

    I have not gotten around with playing with the API yet, so don't know the implications of the... quite literally force fed, implication of the action being under a authenticated user.

    We would use the API to distribute critical notifications to customers. Previously this was hard (as it took multiple passes and direct DB access to whittle down the target users) but the new API allows much better detail to assist with this.

    The ability to use a central API key and designate who we wanted (staff) to send the message from was good in V4. However, quick exploration suggests this will be tied to the user associated with the API key we use?

    I can see this being a complication that might require some skill to work around (such as extra step in the API from a owner account to generate a API key under another user account (if possible), then re-authenticating using the new API details).

    Of further note, API being at the heart of your new product and recommending that unique (be this single or multiple) accounts are used for the API, is kind of annoying. That single handedly has increased the cost to migrate another 1.5 fold.
     

Share This Page