Now that I've finally dived into the world of the Wikidot API, my imagination has gone wild with ideas for applications.
Now with my applications, it is not always practical to use the user's API key. For example, not all users have API keys. There are some tasks that I want anonymous users to be able to achieve, or even non-pro users.
At the moment, this is technically possible by creating a new user account for the specific purpose of reading and creating pages via the API. However this comes with its downfall too:
- User's would need to “invite” the Application to join their site
- User's would need to wait until the Application accepts the invitation
- User's would need to promote the Application to a Mod/Admin of their site
An additional downfall is that after creating a Wikidot account as an Application, somebody would need to log in to that Application account and manually accept all invitations to sites.
I propose that some sort of “Application Key” is introduced to streamline the whole API experience:
Proposition
Apply
As developers, we send an application form to Wikidot that:
- Contains the name of the application
- Explains why the application requires its own API key (as opposed to the Wikidot user providing their API key)
- Says who will be responsible for the application (for legal reasons, if the developer creates an abusive application)
Create Account
Assuming that all is fine, Wikidot then approves the application form and provides the responsible developer with a new type of Wikidot account that:
- Creates an account with "wdapi_" prepended to the nominated application name
- Does not have write privileges when using Wikidot's web interface (so you can't accidentally make forum posts or page edits)
- Has write privileges when used with the Wikidot API
- Allows you to regenerate API keys for the account
For example, if I applied for an application named "backup-restore", I would be granted a Wikidot account named "wdapi_backup-restore".
Enable Apps "Per Site"
Now that the developers have an application key, they can use it in their application. However, sites still need to activate API access for each program. Thus, in the Site Manager (admin:manage) under "API access", there will be a new section that:
- Is called “Application Access”
- Has a text box with an “add application” button next to it
- Has a list of allowed applications
- Next to each allowed application are check boxes with the fields: Read, Write
- Has a “save changes” button
When you type in an application's name in the text box, you can then click “add application” and add the application to the allowed list.