API key against specific method calls [#291994]

It would be really cool if you could create an API key _and_ specify which method calls that API key was allowed access to. I imagine a sort of checkbox mechanism when you create your API keys, so the form fields become:

- allowed domain
- application title
- permitted methods (checkbox for each available method)

Comment	File	Size	Author
#7	20090107_services_key_method_access_patch.png	14.32 KB	pieterdc
#4	20090107_services6.x-0.13_key_method_access.patch	5.04 KB	pieterdc
#4	20090107_services_key_method_access_patch.png	14.32 KB	pieterdc

Comments

Comment #1

greg.harvey

English

Occitanie, France

commented 6 August 2008 at 16:45

Version:

6.x-0.9

» 6.x-1.x-dev

Actually, should be applied to dev, I guess.

Comment #2

marcingy commented 2 September 2008 at 05:49

Assigned:

Unassigned

» marcingy

Sounds good. We have revamped the API handling and this extension would help enhance flexibility. In addition Application title needs to be removed as it provides no function.

Comment #3

pieterdc

Dutch

Ghent

commented 18 December 2008 at 00:58

@greg.harvey: yes, I'd like this too. I might provide a patch for it, as commented on this duplicate issue #312934: Configure services access per API key
Ps: I wouldn't like this proposed patch of #222268: Security: Different user permissions per Service method because it can't be used to define method access rights for anonymous users that use different API keys. That's why I support your idea ;-)

@marcingy: 'application title' provides no functionality to security or authorization, but it can be useful as extra information, such as 'contact information' could be useful - for admin purposes. But we might opt for a more flexible solution such as CCK integration. But as this is off-topic for this issue, I created a new one: #348462: Use CCK for API key's extra information

Comment #4

pieterdc

Dutch

Ghent

commented 7 January 2009 at 23:02

Status:

Active

» Needs review

Status	File	Size
new	20090107_services_key_method_access_patch.png	14.32 KB
new	20090107_services6.x-0.13_key_method_access.patch	5.04 KB

Patched against version 6.x-0.13
Happy reviewing

Comment #5

pieterdc

Dutch

Ghent

commented 8 January 2009 at 08:57

Version:

6.x-1.x-dev

» 6.x-0.13

As 6.x-0.13 (currently) is the latest version (everyone can download without having to use CVS)
And also because my patch (see above) only works with that version.

Comment #6

greg.harvey

English

Occitanie, France

commented 8 January 2009 at 21:56

Thanks! I return to work 13th Jan - will try and get chance to check it out that week. =)

Comment #7

pieterdc

Dutch

Ghent

commented 11 January 2009 at 10:23

Status	File	Size
new	20090107_services_key_method_access_patch.png	14.32 KB

A little screenshot to make it more visual.

Comment #8

marcingy commented 18 May 2009 at 02:26

Status:

Needs review

» Fixed

Comment #9

marcingy commented 29 May 2009 at 23:35

Status:

Fixed

» Closed (fixed)

API key against specific method calls

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

News items

Our community

Documentation

Drupal code base

Governance of community