https://developer.kayako.com/api/v1/reference/authentication/#kauth-kayako-authentication-1.3
The details here seem to indicate that a proprietary authentication mechanism is available. However, nowhere in the admin panel can I see a section to obtain / set / reset the shared secret. Inspecting the API itself, I cannot see any resource fields that would indicate the provision / retrieval of these values either. Is something missing for this?
Hi Phil,

The Kayako platform supports:

1. Basic auth (HTTP username and password)
2. OAuth 2.0
3. API-key based authentication (still tied to a user, though).

We only support the first right now and will be rolling out detail and official support for the OAuth and API key in due course.
Ah, makes sense - the docs may want to make that clearer. Is there a tentative timeline for #3? I for one will not be sharing my account password on a server disk, so the only way I can see around this short term is to consume a unique license dedicated to the API.
Within the next 3 months for the other auth options. Regarding using a unique license, we recommend you do that anyway - all actions made via the API will be made under the authenticated user (API keys are linked to user accounts, too).
I have not gotten around to playing with the API yet, so don't know the implications of the... quite literally force-fed, implication of the action being under an authenticated user. We would use the API to distribute critical notifications to customers. Previously this was hard (as it took multiple passes and direct DB access to whittle down the target users) but the new API allows much better detail to assist with this. The ability to use a central API key and designate who we wanted (staff) to send the message from was good in V4. However, quick exploration suggests this will be tied to the user associated with the API key we use? I can see this being a complication that might require some skill to work around (such as an extra step in the API from an owner account to generate an API key under another user account (if possible), then re-authenticating using the new API details). Of further note, the API being at the heart of your new product and recommending that unique (be this single or multiple) accounts are used for the API is kind of annoying. That single-handedly has increased the cost to migrate another 1.5-fold.