Separation of API rights?

G

gagoman2012-10-20 16:40:56

Python

gagoman, 2012-10-20 16:40:56

We have:
server-side: GAE + Flask
front: Knockout.js, jQuery

We would like:
links or secret knowledge on how to properly organize the separation of rights when accessing the API. Tokens, how, where, practices.

Thanks in advance.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

D

DeusModus, 2012-10-22
@DeusModus

en.wikipedia.org/wiki/OAuth will probably work for you.
You can also look at www.myintervals.com/blog/2009/06/19/api-authentication-methodologies/ .
We personally use a signature-based approach. Something like: www.infoq.com/news/2010/01/rest-api-authentication-schemes

D

Denis Kharchenko, 2014-04-24
@itprodavets

Of course, you can't do without JS here. Open the page code, there are 3 scripts. One of them is what you need.

C

cactuss, 2014-04-24
@cactuss

You can use sass, but if you asked this question, then it’s easier for you to cut out js ...
And on pure css you can

K

kapai69, 2014-04-28
@kapai69

Something cannot be pulled out js. Removed all js in firebug, scrolling still works! Mystic