Open nziebart opened 9 years ago
Here is my proposal for an authentication scheme:
Let's discuss options if there is a better way. I think this way is pretty standard though, and it is flexible so we can use a password or another 3rd party later on.
Another way would be do do what we do now, but just use the IG user_id instead of the username. But, I feel like our user authentication should not be so heavily tied to IG.
It would be cleaner to move request authentication to an HTTP header. It looks like currently we have an app key and a user token, so we could define a structure for the Authorization header to pass these.
Something like:
PEARING-AUTH appKey="22040d5b16d7c84ff4022d37555519b2",userToken="ATzerjisLxBbNrYET1lR2zCh1SCDBV8t1"
The userToken would be optional for some requests, but the appKey should probably never be optional.