Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Tracking API: Allow setTokenAuth() to be an admin token, not only the Super User #2302

mattab opened this Issue · 1 comment

1 participant

Matthieu Aubry
Matthieu Aubry

Super User token is very secret. The Tracking API should allow for more flexibility and allow any "admin" token for the site being tracked.

For performance, we don't want to query the DB on each Tracking API request. So we can cache in the Tracker cache files the list of all allowed admin token_auth and check against this list.

Matthieu Aubry

(In [4417]) Fixes #2302 Now, setTokenAuth on the Tracking API can accept the Super User token_auth or any 'admin' user token_auth (the token are cached in the tracker cache file, which is now flushed when users or permissions are changed)

Matthieu Aubry mattab added this to the Piwik 1.3 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.