API tools faq
paste
ozh

Adding new actions to YOURLS API : a thing to ponder

ozh
Jun 29th, 2012
242
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.89 KB | None | 0 0
raw download clone embed print report
  1. Adding new actions to YOURLS API : a thing to ponder
  2.  
  3. Currently the set of action available in the API is voluntarily limited to a few "non destructive" actions (no editing or deleting) because there's a passwordless way of doing things (signature token or signature token + time hash, see wiki page http://code.google.com/p/yourls/wiki/PasswordlessAPI)
  4.  
  5. I think passwordless destructive actions might be a little too dangerous to allow : no big deal if someone steals your signature token to add spam links, but pain in the ass if it's used to modify or delete all your links
  6.  
  7. Options :
  8.  
  9. - require login + pwd for destructive actions ? might be a bit limiting
  10.  
  11. - adding a new "super power" signature token that would be more secret, once/if there is a proper user & privileges management in YOURLS
  12.  
  13. - maybe another option to consider is having a YOURLS plugin that will register custom API actions
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!