API feedback

Here are some issues I ran into while implementing a Beeminder integration with TagTime Web (demo):

  • The actual contents of the goal aren’t included in the autofetch callback. While this might seem like a minor inconvenience, my database architecture makes it really easy to go from user ID to Beeminder token, but not the other way around. If I could get the goal data, then I could take advantage of the fact that I encode the user ID in each datapoint, to look up that UID’s Beeminder token, and resync from there.
  • There is no way to verify that the autofetch callback is coming from Beeminder, instead of someone pretending to be Beeminder. I could get around this by using a secret URL path (and making the randomized part configurable since my backend is open-source), but why not just use the OAuth secret to allow verifying that I’m talking to the real Beeminder?
  • Increase the security of your API docs with just one click: go to https://github.com/beeminder/apidocs/settings and check “Enforce HTTPS” (otherwise it defaults to using HTTP to serve the API docs)
  • Would be nice if I could give access to individual goals instead of full account access
  • No way to change the icon used here from the default bee:
  • The only way to see the number of app users is by going to the page where the app can be edited, clicking “Delete App”, reading it from the “are you sure you want to delete” message, then cancelling the deletion (or finding “Are you sure? This app has 2 users, who will be affected” in the source code)
  • No way to enable HH:MM formatting from API
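
The secret-URL-path workaround from the second bullet, sketched as an added example (not part of the original post, and not TagTime Web's or Beeminder's code). It goes one step beyond the post by deriving the secret path segment per user with an HMAC, so the callback URL also identifies the user, which the first bullet says the callback body does not. The route prefix, secret name and alphanumeric string user IDs are assumptions.

```python
import hashlib
import hmac

# Assumption: a random server-side secret loaded from configuration
# (constructed value here), never committed to the open-source repo.
CALLBACK_SECRET = b"constructed-example-secret-change-me"
PREFIX = "/hooks/beeminder/"  # hypothetical route prefix


def _tag(uid: str, secret: bytes) -> str:
    """HMAC-SHA256 over the user ID; unguessable without the secret."""
    return hmac.new(secret, uid.encode("utf-8"), hashlib.sha256).hexdigest()


def callback_path(uid: str, secret: bytes = CALLBACK_SECRET) -> str:
    """Path to register as this user's autofetch callback URL."""
    if not uid.isalnum():
        raise ValueError("user ID must be alphanumeric")
    return f"{PREFIX}{uid}/{_tag(uid, secret)}"


def verify_callback_path(path: str, secret: bytes = CALLBACK_SECRET):
    """Return the user ID if the path carries a valid tag, else None.

    `path` is the request path only, with any query string removed.
    """
    if not path.startswith(PREFIX):
        return None
    parts = path[len(PREFIX):].split("/")
    if len(parts) != 2 or not parts[0].isalnum():
        return None
    uid, supplied = parts
    # Constant-time comparison so response timing does not leak the tag.
    if hmac.compare_digest(supplied.encode(), _tag(uid, secret).encode()):
        return uid
    return None
```

A path secret is a bearer value: it only stays secret over HTTPS and out of shared logs, and anyone who captures one URL can replay callbacks for that user until the configured secret is rotated.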

I think you can set hhmmformat via the api?