API authentication feedback

SirCmpwn · December 9, 2017, 3:18pm

A little feedback on the API’s authentication.

I would like to be able to generate personal access tokens as an alternative to the full-blown application registration flow plus OAuth authorization flow. My use-case is only for connecting my own personal software to ony my own Patreon campaign. For this use-case it saves me a lot of time and work to just click a button and get a working OAuth token. Figured out this is what the “Creator Access Token” is supposed to be.
Patreon should show the OAuth token to us once, then hash it and never show it to us again. This would allow you to keep secrets out of your database, so any possible database compromise does not lead to OAuth tokens being compromised with it. Basically, treat client IDs and OAuth tokens like passwords.

telaviv · December 12, 2017, 7:12am

Yes this is a great idea and we definitely want to move towards treating access tokens more like secrets. Leaking tokens is something we take super seriously and we’re trying to hard to keep this data safe. Please let us know if you have any other dope ideas!

Topic		Replies	Views
Creator Token Confusion, Need Help Friendly Help	3	376	August 31, 2021
PHP API v 2.0 Issue Friendly Help	12	2250	May 4, 2018
Welcome to the Patreon developers community!	7	13674	January 25, 2020
Creator tokens still expiring? API Feedback	4	544	February 20, 2021
Access token not working? Friendly Help	5	735	March 1, 2019

API authentication feedback

Related topics