Look up app token?
Author | Message |
---|---|
Peter Scott |
Is there an API for looking up the app token for a given app id? That's a one-to-one mapping, right? App ids are easier for people.
|
Jake Toodledo Founder |
There is no reason why your customer should ever need to know about the app token or the app id. They are both used only for communicating with the API, and they never change for the life of the app, so you should hard-code them into your app. Your app token is a secret password that you should never give out to anyone. It is used for authenticating your app.
|
Peter Scott |
I'm rewriting the App::Toodledo Perl module for API V2 and so it is used for writing apps. So I didn't see the need for specifying both the app ID and the app token for getting the session token since one is completely determined by the other. Is there a conversion mechanism?
|
Jake Toodledo Founder |
The AppID is like a username and the App Token is like a password. You need both, just like you need both to sign into any website. You should just provide a way for developers who are using your library to define both values. And you should take care to keep the app token a secret, since it acts like a password.
|
haeffb |
webOS apps are written in JavaScript and the source code is freely viewable on the device. There is no way to keep an app token "secret" in a webOS app.
|
Jake Toodledo Founder |
In that case, it would be possible for someone to spoof your application. I don't know why anyone would do this, but if you are worried about this, then you'll need to find a way to keep the password a secret, maybe by routing sync requests through your own server, which would keep the password a secret.
|
andi |
I think this is an issue for all open source applications.
I'm working on a Toodledo Client for Windows, but I currently do not know what to do about the app token, because I want to publish the application's source code. What is the worst thing that could happen if someone else knew the app token? |
Jake Toodledo Founder |
The worst thing that can happen from someone knowing your app token is that they create a different app that syncs poorly and triggers the rate-limiting code designed to protect our servers, which would cause your app token to be blocked and your customers would no longer be able to sync because Toodledo would think that your app was abusing the API.
|
andi |
Okay, I think I'm willing to take that risk.
|
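
The server-side routing suggested in the thread above, sketched as an added example (not code from any poster or from Toodledo): a relay keeps the app ID and token in its own environment, discards credential fields sent by clients, and throttles each client so that one misbehaving client cannot get the shared token blocked. The upstream host, the endpoint paths and the `appid`/`apptoken` parameter names are hypothetical placeholders, not the real Toodledo API.

```javascript
// Added example: relay logic that keeps the app token off the client device.
// UPSTREAM, ALLOWED_PATHS and the "appid"/"apptoken" parameter names are
// hypothetical placeholders, not the real Toodledo API.
const UPSTREAM = "https://api.example.invalid";
const ALLOWED_PATHS = new Set(["/tasks/get", "/tasks/edit"]);
const CREDENTIAL_FIELDS = ["appid", "apptoken"];

// Credentials live only in the relay's environment, never in shipped source.
function loadCredentials(env = process.env) {
  const { APP_ID: appId, APP_TOKEN: appToken } = env;
  if (!appId || !appToken) throw new Error("APP_ID and APP_TOKEN must be set");
  return { appId, appToken };
}

// Fixed-window limiter per client, so a single client cannot exhaust the
// quota that the API provider enforces against the shared app token.
function makeLimiter(max = 30, windowMs = 60000) {
  const windows = new Map(); // clientId -> { start, count }
  return function allow(clientId, now = Date.now()) {
    const w = windows.get(clientId);
    if (!w || now - w.start >= windowMs) {
      windows.set(clientId, { start: now, count: 1 });
      return true;
    }
    w.count += 1;
    return w.count <= max;
  };
}

// Turn a client request into the upstream request the relay will send.
// The returned URL contains the secret: it is used server-side only and
// must never be echoed back to the client or written to access logs.
function buildUpstreamRequest(creds, allow, clientId, path, params, now) {
  if (!ALLOWED_PATHS.has(path)) return { status: 404, error: "unknown endpoint" };
  if (!allow(clientId, now)) return { status: 429, error: "rate limit exceeded" };
  const query = new URLSearchParams();
  for (const [name, value] of Object.entries(params)) {
    // Drop anything the client supplied in a credential field.
    if (!CREDENTIAL_FIELDS.includes(name.toLowerCase())) query.set(name, String(value));
  }
  query.set("appid", creds.appId);
  query.set("apptoken", creds.appToken);
  return { status: 200, url: `${UPSTREAM}${path}?${query}` };
}
```

The relay identifies clients by its own per-user credential (the `clientId` here), which can be revoked individually without touching the app token.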