Myk Melez myk at
Tue Jun 17 17:07:00 UTC 2003

Jim Walters wrote:

>Thanks. I'll start with those. One question is whether (with cookie
>based authentication) to use the cookie system for SOAP:
My guess is yes unless there's a good reason to use something else.

>I probably need to force the client to keep and resend the
>authentication token with each API once one has been acquired. 
Right.  You might also make it possible for the client to send the 
username/password with every request (as the web interface currently 
allows), and it should also be possible to make certain calls without 
authenticating at all.

Come to think about it, since you can do a lot without authenticating, 
perhaps authentication and authorization aren't the highest priorities 
after all.  I'd reorder them as follows:

searching for bugs/bug list
retrieving a bug
entering a new bug
updating an existing bug

>Here I'm thinking along the lines of whether it is generally better to
>use one or two APIs to break up a functions return data. Here is an
>example... given an API to return query results should it be broken up
>into two calls (return the ids, and then a second call to return the
>record values for a single id) or a single super flexible call to return
>the values for a list of ids.
If the API is for query results then I would think it takes a list of 
criteria and returns the set of matching records.

>Ideally it would reflect the calls in the
>Bugzilla library and the SOAP layer would just match the existing APIs. 
Right, although we should munge where appropriate to provide a better 
API where the internal one is crufty.


More information about the developers mailing list