doc: best practices recommendations, authentication and testing #81

Open
wants to merge 2 commits into
base: master
6 changes: 2 additions & 4 deletions content/v2.md
Expand Up @@ -25,10 +25,8 @@ All coordinates are assumed to be WSG84. Geographic objects are represented as [

## Testing

Testing can be done on the `test.seeclickfix.com` subdomain. This
subdomain has data replicated from production. SSL (https) is
available on test.seeclickfix.com.

Testing can be done on the `int.seeclickfix.com` subdomain.
This is a sandbox environment with its own database separate from the production environment at `seeclickfix.com`.

## URL Format
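
Review bot: The replacement paragraph for `int.seeclickfix.com` drops the statement that SSL (https) is available, which the old `test.seeclickfix.com` text had. Since the authentication page documents HTTP Basic credentials being sent to the API, say explicitly whether https is available on the sandbox, for example by adding "SSL (https) is available on `int.seeclickfix.com`." if that is the case. It would also help to state whether accounts from `seeclickfix.com` exist in the separate sandbox database or whether testers need to create new ones there.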

9 changes: 6 additions & 3 deletions content/v2/overview/authentication.md
Expand Up @@ -10,8 +10,11 @@ SeeClickFix currently supports the following authentication methods for access t

### HTTP Basic Authentication

This method is appropriate when the client has direct access to user credentials (username
and password).
This method is appropriate when the client has direct access to
user credentials (username and password), which is typical for
automated access to our APIs. We strongly recommend that a separate
user account be utilized for automated API access rather than re-using
a user account associated with a person.

<pre class="terminal">
$ curl -u "[email protected]:password" <%= root_version_url %>/profile
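
Review bot: The added recommendation in the Basic Authentication paragraph asks for a separate account for automated access but gives no reason and no handling guidance for that account's password. Basic authentication sends the username and password with every request, so consider adding that requests should go over https and that the dedicated account's password should be kept out of source code and shared scripts. Minor style points: "utilized" can be "used", and the new paragraph is wrapped at a different width than the two lines it replaces.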
Expand All @@ -22,7 +25,7 @@ $ curl -u "[email protected]:password" <%= root_version_url %>/profile
This method is appropriate when the client application is being used by multiple users
and the user's credentials should not be shared with the client directly.

SeeClickFix supports OAuth2's "authorization code flow" as documented in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1)
SeeClickFix supports OAuth2's "authorization code flow" as documented in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1). Other OAuth authentication flows are not currently supported. We do not recommend using OAuth access for automated access to our APIs (see Basic Authentication above).

The [Doorkeeper documentation](https://github.com/doorkeeper-gem/doorkeeper/wiki/authorization-flow) provides some easier to read information regarding the sequence of API calls.
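
Review bot: In the line added after the RFC 6749 link, "OAuth authentication flows" does not match the RFC's terminology; RFC 6749 describes authorization grant types, so "Other OAuth2 grant types are not currently supported" would be more precise. The sentence "We do not recommend using OAuth access for automated access to our APIs" gives no reason, so a short rationale would help readers decide, and "(see Basic Authentication above)" could be a link to the "HTTP Basic Authentication" heading.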
