i m looking for the way to authenticate admin and / or client with the api.
I don t understand the security system with the apikey.
I made a little test, for create client and i didn't need to authenticate me, simply send my apikey.
If i made an application, and put my apikey inside if people decompil it he could be use my apiKey.
What is the solution ?
thanks by advance,
Hum, after little invstigation i decide to do this.
create an account database on my own server with client account and clientID
But problem is the same.
i explain better ( i hope ).
If i have an adobe AIR application ( or flash / flex ), i can make a login form for ident the user on my server and get the clientID from this.
but for some campaign monitor i need the apiKey, i can send the apiKey when the user connect, but with simple soft like Charles, etherreal or other, i can see the apikey.
With this apikey, i can make what i want on campaign monitor without log me, if i can get an apikey of other user i can make all the api actions with this account .....
Do you have solution for this ?
Sure i can use my own proxy myApp->myServer with php campaign monitor api-> campaign monitor action -> myServer -> myApp but it s not a good way .....
I have been beating this drum for a while.. Apparently there is a solution in the works.
See This Post
From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that drive real business results.Get started for free