API Changes

This document notes changes between versions of the Timetric HTTP API.

Except where noted, these changes are entirely backwards compatible; we introduce new endpoints and methods, but we very rarely deprecate or remove pre-existing endpoints or methods.

2009-08-10

Search endpoints

Timetric now exposes programmatic access to its search endpoints, in Opensearch Atom XML, and in two lightweight JSON formats.

Cross-domain Javascript requests

Timetric can now be used as the source of javascript cross-domain requests, for browser clients which understand the W3C Access Control protocol. (This includes Safari 4, Firefox 3.5 and IE 8)

Creating calculated series

Calculated series can now be created programmatically.

POST bodies with text/csv

When creating or updating series, allow the POST body to be raw text/csv instead of multipart data.

Removal of support for username/password authentication

As announced in the previous API release, in this release, support for use of login credentials over HTTP Basic is removed. API authentication must be done either with OAuth, or with API tokens.

2009-05-19

PUT to series URL

The PUT method is now supported on series URLs. The body of the PUT request is interpreted as a CSV file, and used to overwrite the existing history of the series.

Retrieval of full series data

We now officially document an endpoint to retrieve the full history of a series.

GET requests to either /series/SERIES_ID/csv/unix.csv or /series/SERIES_ID/csv/iso.csv will result in the full series history (in CSV, providing two different date formats.)

API Tokens

We now support an additional authentication method. You can now generate API Tokens for use within HTTP Basic authentication.

Deprecations

Deprecation of Username/Password logins for API requests

Until now, we’ve supported the use of username/password logins over HTTP Basic, as a lightweight alternative to OAuth. With the advent of API tokens, this is no longer necessary, and becomes an unwarranted security hazard.

We will continue to permit these logins as documented, but they will be withdrawn at a future API revision. Any scripts currently set up to use username/password logins should be migrated to use API tokens; this will require very little effort.

Deprecation of some authentication methods over unencrypted HTTP connections

Until now, we have supported API requests over both HTTP and HTTPS. In order to reduce the risk of credential sniffing, we intend to restrict authentication over un-encrypted HTTP sessions.

There are three non-deprecated authentication methods:

  • OAuth with HMAC_SHA1 signed requests
  • OAuth with PLAINTEXT signed requests
  • HTTP Basic using API tokens.

However, the use of any unencrypted authentication (the last two methods) is deprecated over unencrypted connections.

That is to say, over a plain HTTP connection, use of any authentication method other than OAuth/HMAC_SHA1 is deprecated, and support will be withdrawn in a future API revision.

We encourage authors of third-party applications, libraries, and scripts to use non-deprecated authentication methods as soon as possible. Please do contact us for help if necessary.

2009-03-20

The first version of the API.

Timetric Network
About Us
Support
Other