Let me get an API access token right from the MURAL web GUI
The new MURAL API (Beta) is awesome! And I have been encouraging my teammates to try it out.
To make it easier for them to get started, I set up a web app where my teammates can log in through SSO and then get a MURAL API access token to use.
If someone is building an integration app, OAuth 2.0 is the way to go.
However, for someone just getting started on their own, for someone who wants to run a few scripts to process the contents of a mural or two, setting something up to go through OAuth 2.0 just to get an access token is a pretty long walk.
Add something to the MURAL web interface so that a mural creator can get an API access token for that mural right from the MURAL GUI.
Thoughts and implementation ideas:
- You know they have authenticated, because they are in the MURAL GUI.
- Only the mural creator would be authorized to get a token this way.
- You could set the token to be valid for only that mural.
- Scopes could be selected from a drop-down list.
- Once the mural creator copies the token, there is no way to view it again (you'd just have to get a new one.)
- The token would expire - in 15 minutes(?) - like the tokens from OAuth 2.0.
- You could make tokens obtained this way un-refreshable.
From a security perspective:
- Making the token available to only the creator of that mural, making it valid for only that mural, and making it un-refreshable would be *more* secure than the current OAuth 2.0 process.
From a business perspective:
- This would really make it easier for people to get value from the new API faster.
Is the MURAL team already planning something like this?
To other API users: What do you think? Would you use this feature?