diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-12-05 20:31:27 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-12-05 20:31:27 -0500 |
| commit | e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 (patch) | |
| tree | abc2de5aebace4a2d7c94805552264dab6b10bc7 /doc/api-authentication.markdown | |
| parent | 346b8312e5ac877ce3192c2db3a26b500018bbb5 (diff) | |
Rewrite of the authentication and authorization system
Diffstat (limited to 'doc/api-authentication.markdown')
| -rw-r--r-- | doc/api-authentication.markdown | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/doc/api-authentication.markdown b/doc/api-authentication.markdown new file mode 100644 index 00000000..962e5b1b --- /dev/null +++ b/doc/api-authentication.markdown @@ -0,0 +1,66 @@ +API Authentication +================== + +Default method (HTTP Basic) +--------------------------- + +The API credentials are available on the settings page. + +- API end-point: `https://YOUR_SERVER/jsonrpc.php` + +If you want to use the "application api": + +- Username: `jsonrpc` +- Password: API token on the settings page + +Otherwise for the "user api", just use the real username/passsword. + +The API use the [HTTP Basic Authentication Scheme described in the RFC2617](http://www.ietf.org/rfc/rfc2617.txt). +If there is an authentication error, you will receive the HTTP status code `401 Not Authorized`. + +### Authorized User API procedures + +- getMe +- getMyDashboard +- getMyActivityStream +- createMyPrivateProject +- getMyProjectsList +- getMyProjects +- getTimezone +- getVersion +- getDefaultTaskColor +- getDefaultTaskColors +- getColorList +- getProjectById +- getTask +- getTaskByReference +- getAllTasks +- openTask +- closeTask +- moveTaskPosition +- createTask +- updateTask +- getBoard +- getProjectActivity +- getMyOverdueTasks + +Custom HTTP header +------------------ + +You can use an alternative HTTP header for the authentication if your server have a very specific configuration. + +- The header name can be anything you want, by example `X-API-Auth`. +- The header value is the `username:password` encoded in Base64. + +Configuration: + +1. Define your custom header in your `config.php`: `define('API_AUTHENTICATION_HEADER', 'X-API-Auth');` +2. Encode the credentials in Base64, example with PHP `base64_encode('jsonrpc:19ffd9709d03ce50675c3a43d1c49c1ac207f4bc45f06c5b2701fbdf8929');` +3. Test with curl: + +```bash +curl \ +-H 'X-API-Auth: anNvbnJwYzoxOWZmZDk3MDlkMDNjZTUwNjc1YzNhNDNkMWM0OWMxYWMyMDdmNGJjNDVmMDZjNWIyNzAxZmJkZjg5Mjk=' \ +-d '{"jsonrpc": "2.0", "method": "getAllProjects", "id": 1}' \ +http://localhost/kanboard/jsonrpc.php +``` |