External Applications¶
People can write programs which talk to Timetric on your behalf - providing Timetric’s features through other applications.
In order to do this, these applications will need to be able to authenticate as you - that is, they’ll need to be able to prove to us that they’re allowed to act on your behalf.
There are two ways they might do this; called “OAuth” and “API tokens”. Note that neither of these methods ever require you to give your username and password to anyone else. If any other application ever asks you for your timetric login details, do not give them out!! And please let us know about it - we’ll want to have words with whoever’s asking for your login details.
In either case, you can give applications permission to act on your behalf, and later on, change your mind, and remove that permission.
Granting permission with OAuth¶
If an application wants you to use OAuth to authenticate, you’ll be sent to Timetric and asked to log in, and then taken to a page like this (with “TimetricReader” replaced by the name of whatever application you’re using)
If you tick the “Authorize access” box and click Submit, you’ve allowed this application to act on your behalf.
Granting permission with API Tokens¶
An application may ask you for an API token in order to act on your behalf. You can create an API token by going to your settings page.
By clicking on ‘Generate API token’, you can create a new API token. You’ll need to give it a name, so you can remember what you generated it for.
An API token consists of a pair of opaque strings, called the Key and the Secret. You will need to pass these to the application.
Removing permissions¶
You can remove the permissions for applications using either OAuth or API Tokens in the same way. On your settings page, each OAuth application you’ve authorized, and each API Token you’ve generated, has a “Revoke” button, which works as you’d expect.