ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

use login and password instead of "api access key" in REST API (Feature #448)

Added by Alexey Java at 2011-06-04 07:52 pm. Updated at 2011-06-04 09:59 pm.

Status:Closed Start date:2011-06-04
Priority:Normal Due date:
Assignee:- % Done:


Category:REST API
Target version:-
Remote issue URL: Affected version:


this request is extracted from #8529

it would be great if REST API supported the concept of "login" so that REST users would be able to "login" through REST API using their login&password (instead of API access key!) and then they'd receive some "session key" they could use temporarily for this session.

See how the same mechanism is implemented in Atlassian Jira remote API.

This would simplify the REST API usage in various UIs (people are often confused about "api access key", they want to use their login&password). Just imagine how inconvenient it is to type an API access key in Redmine Android client on a phone screen!


Updated by Holger Just at 2011-06-04 09:07 pm

ChiliProject supports Basic Auth in addition to the API keys for all API methods. This is something which is used by e.g. the redmineapp. The implementation of the authentication switch can be found at source:app/controllers/application_controller.rb#L74

Forcing API users to have to deal with sessions is something which clearly goes against the idea of REST and is something I would like to avoid at all costs.

Does this hint already solve your issue?

  • Status changed from Open to Needs more information

Updated by Alexey Java at 2011-06-04 09:48 pm

Thanks for the hint! It works great. Feel free to close this request as "invalid".
I remember there was a time when Redmine didn't accept BASIC auth for REST API, but look like it's now implemented.

Updated by Holger Just at 2011-06-04 09:59 pm

  • Status changed from Needs more information to Closed

Also available in: Atom PDF