On 1/12/2018 6:03 AM, Andy Allan wrote:
In general, I'd like to disable HTTP Basic Auth to our API, and only use OAuth. This removes any need to share your OSM password with third parties. However, developers often find it easier to build integrations using basic auth, so I can imagine some opposition to this.
Do we need some terms for the API covering this kind of stuff? Right now it's not clear that a service that stores your OSM password server-side is violating anything.
_______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev