Up until now, you had to use your main Superfeedr login and password to perform API calls. This was simple but could also expose you to a security risk when working with a team if you had to share these credentials.
Today, we’re introducing simple authentication tokens. In practice, they behave exactly like passwords. You will still use HTTP basic auth against our https://push.superfeedr.com endpoint, and you should do so over HTTPS. The only important difference is that they can only authenticate against the API, and they can also be limited in scope. This means that a given token can only be used for certain calls:
- listing subscriptions
- retrieving a feed’s status
- XMPP authentication
The tokens are 32-byte-long strings, randomly generated, except for a small CRC. Embedding a CRC in the string lets us reject obviously wrong tokens without hitting the database.
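The pre-database check described above, as an added example that is not Superfeedr's own code. The token layout (24 random hex characters followed by the 8-hex-digit CRC-32 of those characters), the `TokenStore` class and the scope strings are assumptions made for illustration.

```python
import hashlib
import secrets
import zlib

# Assumed layout (not from the page): 24 random hex chars + 8 hex chars of CRC-32.
RANDOM_LEN, CRC_LEN = 24, 8


def crc_hex(random_part):
    return format(zlib.crc32(random_part.encode("ascii")), "08x")


def generate_token():
    random_part = secrets.token_hex(RANDOM_LEN // 2)
    return random_part + crc_hex(random_part)


def is_well_formed(token):
    # Cheap structural filter only: anyone can compute a CRC, so this never authenticates.
    if len(token) != RANDOM_LEN + CRC_LEN:
        return False
    if any(c not in "0123456789abcdef" for c in token):
        return False
    return token[RANDOM_LEN:] == crc_hex(token[:RANDOM_LEN])


class TokenStore:
    # Stand-in for the database. Keeping SHA-256 digests instead of raw tokens
    # is this example's choice, not something the page describes.
    def __init__(self):
        self.scopes_by_digest = {}
        self.lookups = 0

    def add(self, token, scopes):
        self.scopes_by_digest[hashlib.sha256(token.encode()).hexdigest()] = set(scopes)

    def find(self, token):
        self.lookups += 1
        return self.scopes_by_digest.get(hashlib.sha256(token.encode()).hexdigest())


def authorize(store, token, scope):
    if not is_well_formed(token):
        return False  # rejected before any database lookup
    scopes = store.find(token)
    return scopes is not None and scope in scopes
```

A token that passes the CRC check is only well formed; the store lookup and the scope check are what actually grant access.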