On Oct 17, 2013, at 12:22 AM, Paul Belanger <paul.belanger at polybeacon.com> wrote: > Now, the reason for having it was because this was the default way > swagger passed credentials via HTTP. I'm not sure why they didn't > simply add http://username:password at example.org support, but that is a > different issue (in fact I plan to open a bug upstream). There have been a few cases where an HTTP or WebSocket client library didn't support HTTP Basic auth. Putting the HTTP Basic auth header in there is not hard, but adding an ?api_key param is dead simple. > In fact, I strongly think we should be hosting our own content, simply > because we can control it and it is the friendly thing to do. Pushing > all our users to [3] doesn't appear to be too friendly, plus just > imagine all the asterisk themeing that could be done to it. Agreed. http://ari.asterisk.org is now live (also https://ari.asterisk.org, if you enable TLS in http.conf) The code posted there is from my fork on GitHub[1] > Don't get me wrong, I would be infavor of implementing some sort of > OAuth key over the ARI, but I don' think that is in the cards at this > point in time. And again, I think api_key is just implemented to work > around the fact that [3] does pass basic-auth. I don't see why adding OAuth would be any less redundant than ?api_key. -- David M. Lee Digium, Inc. | Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com & www.asterisk.org
