...
For write operations (updating or creating data), make sure that a user named "test" is included in the dRofus project. All modifications will be made under this user account, which should have the necessary permissions.
Using HTTP Basic Authentication (for Testing Purposes)
In addition to OAuth2, HTTP Basic Authentication can also be used for testing purposes. However, it is not recommended for production due to security risks. Here's how to set it up:
Steps to Set Up Basic Authentication:
Create an "API user":
Do not use your personal account for this.
Ensure the API user's email is not set to your own.
Generate a strong password for this user.
Add the user to the project:
Ensure that this user has sufficient access to perform the required API operations.
Set up authentication:
In Postman, select Basic Auth as the authentication type.
For scripts, you need to encode the username and password into base64. Here's an example of how to do this in Python:
Code Block language py import base64 credentials = f"{DR_USERNAME}:{DR_PASSWORD}" encoded_credentials = base64.b64encode(credentials.encode()).decode() # ...rest of code headers = {"Authorization": encoded_credentials}This encoded string can then be used for Basic Authentication in your API requests.
Important Security Considerations:
Do not store encoded credentials in plain text. Always use environment variables to handle credentials safely, as shown in the earlier examples.
Despite the term "encoded", remember that this is not secure. Base64 encoding can be reversed into the original username and password in seconds. For this reason, do not share your Postman requests with others if you're using Basic Auth, and avoid using this method in production environments.
By following these steps, you can set up Basic Authentication for testing while ensuring you handle credentials with care.
Examples
Simple dRofus Read/Write API in Python
...