How to authenticate users in PBwiki API?
the user that is making each request?
I know that the APIkey should be sent, but is it the only authentication mechanism available?
If so, can anyone who knows the apikey of a wiki perform any operation on it?
-
Your apikey is just like your password... if someone knows your password they also have access to your wiki. You should treat it the same way and protect it as such.
-
But the apikey is a number associated with the wiki and shared by all users.
So it doesn't identify the user who is actually performing the operation.
Besides, it's easy for anyone to know the apikey because it is sent as a query string parameter.
-
In PBwiki 1.0, the API does let you set the user email, so assuming you're trying to edit from another server, one scheme might be:
1) Your user logs into your server and you keep track of it
2) As they do things that make use of the API, you attach their email to the request.
This presupposes that you have a separate userbase that you are trying to make interact with your wiki through the API. And I can't, off the top of my head, think of another use case where you would need to authenticate the user while not having a separate user database. Can you explain what you are trying to do?
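
The two-step scheme from the reply above, sketched as an added example (not part of the thread and not PBwiki's own code): your server verifies its own session, then builds the wiki request itself so the shared apikey and the user's email never come from the browser. The endpoint URL, the operation names and the `op` and `email` parameter names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed for illustration, not taken from PBwiki documentation: the endpoint,
# the operation names and the "op"/"email" parameter names.
WIKI_API = "https://wiki.example.invalid/api"
API_KEY = "constructed-sample-key"        # constructed value; lives only on your server
ALLOWED_OPS = {"GetPage", "PutPage"}
SESSION_SECRET = secrets.token_bytes(32)  # signs session tokens for this process

def _sign(email):
    return hmac.new(SESSION_SECRET, email.encode(), hashlib.sha256).hexdigest()

def issue_session(email):
    """Step 1: call after your own login check; returns a signed session token."""
    return f"{email}|{_sign(email)}"

def session_email(token):
    """Return the logged-in email, or None if the token is missing or forged."""
    email, _, sig = token.rpartition("|")
    if email and hmac.compare_digest(sig.encode(), _sign(email).encode()):
        return email
    return None

def build_wiki_request(token, client_params):
    """Step 2: build the upstream URL; identity and key come from the server."""
    email = session_email(token)
    if email is None:
        raise PermissionError("not logged in")
    if client_params.get("op") not in ALLOWED_OPS:
        raise ValueError("operation not allowed")
    # Discard any apikey or email the client supplied itself.
    params = {k: v for k, v in client_params.items() if k not in ("apikey", "email")}
    params.update(email=email, apikey=API_KEY)
    return f"{WIKI_API}?{urlencode(params)}"

def redact(url):
    """Mask the apikey before the URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "apikey" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

Because the key travels as a query string parameter, the upstream URL should only be logged through `redact()`.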