[API] authentication with JSON Web Tokens
Currently, the API only accepts two ways to authenticate users:
- HTTP Basic authentication (logins and passwords are sent with each request)
- API key
We could secure this process and make it easier to use.
Allowing JWT (JSON web token) authentication could be a great improvement.
#4 Updated by Enziin System about 3 years ago
I think JWT is necessary.
Using the API key will require more actions, which is to force the user to create a key, then copy the API key into their application.
JWT authentication is simply using username/password
When we embed Redmine API into the mobile app, then JWT must be used.
If you use Redmine core in multi-million users application, then each request from the client on the mobile or the desktop and it will cause Redmine to query the Token table in the DB.
It is not effective and it will overload.