Help us improve

Update the REST API authentication method

This is in reference to "http://www.kashflow.com/developers/rest-api/sessiontoken/"

Authentication using username / password does not make sense when HTTPS and API tokens exist and are reliable. The suggestion that the system pass plain text passwords and use character positions in the users memorable implies storage of the memorable word in plain text which would be odd to say the least!


I understand dealing with this is still to be sorted which is a shame as I would think its a relatively small effort - though very important. If that were done I would hope the warnings on the "shiny new API" could turn from "You should not be using it in a production environment" to "Be aware it can change, use at your own risk" then early adopters would be happier to go in and help test it.

Please.... pretty please?
  • Christina Spencer
  • Jan 10 2017
  • Under Review
  • Jan 10, 2017

    Admin Response

    Hi all, There is a project currently running with our platform team who are looking at our authentication methods within the REST API. We should hopefully have an update for you on this in the near future.
  • Attach files
  • Christina Spencer commented
    January 10, 2017 09:20

    Hi - I have not seen any response to this - have you been able to get some response form your development team?

  • Christina Spencer commented
    January 10, 2017 09:20

    Thanks - have the development team been able to provide any advice on this?

  • Christina Spencer commented
    February 6, 2017 13:45

    OK - so by changing the Canvass platform all items are magically new.... for the record I raised this in 2014 so if anyone is looking at this with a view to subscribing to  KashFlow - if you need the API don't bother. They don't care.