I've been thinking about the same thing recently.  Even though we can argue that for the API to have feature parity with the web version, we should provide anonymous access, I'm reluctant to enable this without some sort of API key that can identify a consumer and can allow measuring load and blocking when necessary.

I'm also in favor of supporting the concept of an API key even for normal users, and not just for anonymous access.  This is of course until we support OAuth or something similar.

Thoughts are welcome though...

On Sun, Nov 13, 2011 at 8:51 AM, Volker Poplawski <volker.poplawski@atrics.de> wrote:
Hi all,

I'm playing with the SOAP interface of MantisBT.

I haven't been able yet to use the SOAP interface with the anonymous
account. A empty user name results in 'Access denied for user
anonymous.' and user 'anonymous' gets me a 'Access denied'

Is the anonymous user handled differently on SOAP than html or this a
bug worth reporting?


RSA(R) Conference 2012
Save $700 by Nov 18
Register now
mantisbt-help mailing list