i m looking for the way to authenticate admin and / or client with the api.
I don t understand the security system with the apikey.
I made a little test, for create client and i didn't need to authenticate me, simply send my apikey.
If i made an application, and put my apikey inside if people decompil it he could be use my apiKey.
What is the solution ?
thanks by advance,
Hum, after little invstigation i decide to do this.
create an account database on my own server with client account and clientID
But problem is the same.
i explain better ( i hope ).
If i have an adobe AIR application ( or flash / flex ), i can make a login form for ident the user on my server and get the clientID from this.
but for some campaign monitor i need the apiKey, i can send the apiKey when the user connect, but with simple soft like Charles, etherreal or other, i can see the apikey.
With this apikey, i can make what i want on campaign monitor without log me, if i can get an apikey of other user i can make all the api actions with this account .....
Do you have solution for this ?
Sure i can use my own proxy myApp->myServer with php campaign monitor api-> campaign monitor action -> myServer -> myApp but it s not a good way .....
I have been beating this drum for a while.. Apparently there is a solution in the works.
See This Post