https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962 --- Comment #15 from David Cook <dcook@prosentient.com.au> --- I'm planning on making a plugin for this, and it's got me thinking more about what people would accept in the longer term... I'm thinking /api/v1/auth/ will be the route, and it'll take "username" and "password" JSON POST parameters. I've noticed FortiAuthenticator works this way; it's the way that the ILS-DI API works; it would be difficult to abuse. I suppose we could argue about the route name. FortiAuthenticator uses that exact same route, but I suppose it could be /api/v1/patrons/auth, so it makes it more obvious that it's a route not for authenticating to use the API but rather just for authenticating patrons. -- You are receiving this mail because: You are watching all bug changes.