2013-07-02, 22:07
I've been working on a kind of web interface for XBMC (see http://forum.xbmc.org/showthread.php?tid=168296). I have a few questions regarding the JSON-RPC API and the way authentication is performed.
1. Is it possible to create a set of credentials that can only access certain parts of the API (and preferably not the standard web interface at all)?
2. Would it be possible to implement alternative authentication methods? Currently the username and password has to be provided in the URL or as HTTP headers. Some form of token-based system would be great, although I'm not sure how exactly it would work and how it would be beneficial. If someone has some good ideas regarding this, please post!
1. Is it possible to create a set of credentials that can only access certain parts of the API (and preferably not the standard web interface at all)?
2. Would it be possible to implement alternative authentication methods? Currently the username and password has to be provided in the URL or as HTTP headers. Some form of token-based system would be great, although I'm not sure how exactly it would work and how it would be beneficial. If someone has some good ideas regarding this, please post!