Hey all: What do people think about having keys for Koha APIs? Someone would register a key in Koha and give that key to the developer, the developer puts it in their app configuration, and they're good to go. One advantage would be that apps utilizing web services wouldn't actually have access to Koha itself - just to the APIs associated with the API key. By that same token, a Koha administrator could easily revoke access to an API if necessary for whatever reason. I'm sure there are other advantages as well. I was thinking a single API key could replace the username/password pair, but you still might want a client_id and an API key, so you're still managing two fields in your configuration. Anyway, just a thought. David Cook Systems Librarian Prosentient Systems 72/330 Wattle St, Ultimo, NSW 2007