Post

2 followers Follow
0
Avatar

Session ID without login

I am setting up a server interface that will interact with Clarizen. however I am nervous about putting a real person's password in a text file (PHP) where it can be read.

Is there anyway to establish a permanent (or semipermanent) login?

Josh Boutwell Answered

Please sign in to leave a comment.

1 comment

0
Avatar

Hi Josh,
As with most SAAS services, you cannot access the Clarizen API without logging in first.
Apart from the regular user name/password scheme, Clarizen support OAUTH, but then again, security involves some keys and tokens that need to be kept secure.
SAML 2 authentication is also supported, but that's mainly for the web interface, I'm not sure it could get you an API session. Unless you're already using an identity provider it could be a major overhead.

You should probably encrypt the user name/password you place in the text file and decrypt it on runtime. Another idea is to ask your users to log in.
Hope this helps,
Ophir

Ophir Kenig 0 votes
Comment actions Permalink