dstndstn / astrometry.net

Astrometry.net -- automatic recognition of astronomical images
http://astrometry.net
Other
679 stars 189 forks source link

Request: allow api key to be used in place of session token #184

Open SnowySailor opened 4 years ago

SnowySailor commented 4 years ago

Managing a session token in a long-running application can present issues. What if the session times out? What if the session is invalidated by the server? There are many things regarding the session that we cannot control as API consumers, so if a session somehow stops working we need to write code that can request a new one and handle that. This can add a lot of complexity that I'm sure many people want to avoid. It is possible to just request a new session every time you make a request, but that is not ideal because it adds an additional request into the process and consumes some time and network resources.

Instead of requiring the session in most of the POST bodies, I propose that the API accepts the apikey as a valid form of authentication. In order to get a session in the first place, all one needs to do is provide their API key and they are given back a session. It doesn't seem like accepting the apikey would decrease security and it would make writing code that interacts with the API much simpler and less error-prone.

dstndstn commented 4 years ago

If I recall correctly, sessions last for a week.

Still, this seems like a reasonable request (especially now that we have https for nova). But I don't foresee having time to implement it in the near future.