Martijn , will there ever be a way to use the API without storing my password in plaintext in the application? You don't need to go full-OAuth, maybe something like Pinboard's authentication code? A single auth-code that the user can easily reset (and thus invalidate) through their .
Login or register your account to reply
💬 Subreply It can be done. But it's hard to explain to someone that isn't computer literate that they have to set a different password or code to use with Sublevel clients. Don't store it as plaintext and always use https when you send it.
7y, 33w 3 replies
Martijn That's up to clients to make clear. Or have an API request that can be used to get the code, Pinboard has that (also for existing clients to easily transition). How would I 'not store it as plaintext'? My application needs to submit the plaintext variant so it always has to have access to it in plaintext. Could be encrypted with a master password, but that would just force people to enter the master password every time.
7y, 33w 2 replies