Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
Bugzilla:BzAPI: Difference between revisions
Jump to navigation
Jump to search
→Authentication
| Line 57: | Line 57: | ||
== Authentication == | == Authentication == | ||
The API and the proxy support anonymous access as much as the target Bugzilla does. | The API and the proxy support anonymous access as much as the target Bugzilla does. | ||
Note: The above-mentioned instance of the API is available over HTTPS and accesses bugzilla.mozilla.org over HTTPS. (The cert is from GeoTrust's Equifax root, which should be trusted by all current browsers.) So login information should be safe in transit. | |||
There are two ways to authenticate. | |||
====Username and Password Auth==== | |||
Pass e.g.: | |||
username=fred@bedrock.com&password=ilovewilma | username=fred@bedrock.com&password=ilovewilma | ||
as query parameters on any request. | as query parameters on any request. | ||
====Cookie Auth==== | |||
If you have access to some existing Bugzilla login cookies for the user, you can also authenticate using that. You pass the data as URL parameters rather than as Cookie headers to prevent cross-site request forgery (XSRF). | |||
Note that the cookies are HTTPOnly and so you can't access this info from unprivileged in-page JavaScript. However, if you have chrome privileges, you can ask the cookie service. | |||
userid=1234&cookie=mG4J9OT4B6 | |||
The "userid" parameter is a numeric user ID, the contents of the "Bugzilla_login" cookie. The "cookie" parameter is a random string, the contents of the "Bugzilla_logincookie" cookie. | |||
== Field Control == | == Field Control == | ||