Undocumented API resource (AuthentificationRequest)


is there an undocumented operation for an authentification request with email and password? I found an AuthenticationRequest in your working API https://clockify.github.io/clockify_api_docs/#definition-AuthenticationRequest without a related operation.

We could handle the API request with the X-Api-Key from an admin account, but this will increase security aspects.

One last note: It would be great, if you can share the swagger json file.


PS: Is it better to ask here or on stackoverflow?

Unfortunately, no. We don’t provide any other way to authenticate a request. You can authenticate only via API key.

The AuthenticationRequest in working API was generated automatically along with the rest of the docs, and it’s no longer in use.

Regarding the swagger file, we don’t share it due to security concerns.

Thanks for the answer

@user11022020 What use case would authenticating with username and password serve in your scenario? How would that reduce the security aspect?