Undocumented API resource (AuthentificationRequest)

user11022020 · February 11, 2020, 10:59am

Hi,

is there an undocumented operation for an authentification request with email and password? I found an AuthenticationRequest in your working API https://clockify.github.io/clockify_api_docs/#definition-AuthenticationRequest without a related operation.

We could handle the API request with the X-Api-Key from an admin account, but this will increase security aspects.

One last note: It would be great, if you can share the swagger json file.

Regards,
Denny

PS: Is it better to ask here or on stackoverflow?

clockify · February 14, 2020, 12:42pm

Unfortunately, no. We don’t provide any other way to authenticate a request. You can authenticate only via API key.

The AuthenticationRequest in working API was generated automatically along with the rest of the docs, and it’s no longer in use.

Regarding the swagger file, we don’t share it due to security concerns.

user11022020 · February 14, 2020, 1:31pm

Thanks for the answer

ljubomir · February 18, 2020, 9:59am

@user11022020 What use case would authenticating with username and password serve in your scenario? How would that reduce the security aspect?