Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add option to send API key in header #3584

Merged
merged 1 commit into from Feb 10, 2017

Conversation

Projects
None yet
4 participants
@jvolkening
Copy link
Contributor

commented Feb 10, 2017

There are arguments to be made security-wise for putting a REST API key in the HTTP header rather than in the URL, even over an encrypted connection. This PR provides the option to new consumers of the API to put the key in an x-api-key header without (I hope) breaking existing implementations. Please review to see if this makes sense to incorporate.

@galaxybot galaxybot added the triage label Feb 10, 2017

@galaxybot galaxybot added this to the 17.05 milestone Feb 10, 2017

@jmchilton

This comment has been minimized.

Copy link
Member

commented Feb 10, 2017

@galaxybot test this

@jmchilton

This comment has been minimized.

Copy link
Member

commented Feb 10, 2017

This seems like a very good idea - clear step forward! Thanks a bunch @jvolkening.

@dannon

This comment has been minimized.

Copy link
Member

commented Feb 10, 2017

xref: galaxyproject/bioblend#211

Thanks @jvolkening, I'll take a look and make sure this is all that's needed here.

@dannon

This comment has been minimized.

Copy link
Member

commented Feb 10, 2017

Yeah, looks like the 'this is an api request' logic, etc., should be fine unchanged. We'll want to add documentation that explicitly states that this option doesn't necessarily make your requests secure (so, https should still be used), etc., but I can do that.

@dannon dannon merged commit 6f5743d into galaxyproject:dev Feb 10, 2017

5 checks passed

api test Build finished. 263 tests run, 0 skipped, 0 failed.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
framework test Build finished. 138 tests run, 0 skipped, 0 failed.
Details
integration test Build finished. 24 tests run, 0 skipped, 0 failed.
Details
toolshed test Build finished. 580 tests run, 0 skipped, 0 failed.
Details

@jvolkening jvolkening deleted the jvolkening:http_header_api_key branch Feb 10, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.