Security Approach For Consuming Gitea APIs

It is advised to use Gitea APIs for customization. It seems better to have another web application act as a client of the Gitea APIs for any customization functionality. One way to handle security is to first obtain a security token by calling …/api/v1/users//tokens and use the token for any following API calls. To do so, the client application needs to know the user's Gitea credentials. A simple way to achieve this is for the user credentials for the client application to be the same as those for Gitea.

Any better alternative approaches if there is a user administration management system out there?

If you have another web application attempting to consume Gitea APIs, it is recommended that you use OAuth2: OAuth2 provider - Docs

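The OAuth2 route recommended in the answer, as an added example that is not part of the original thread or Gitea's own code: the client application builds the authorization request with a state value and PKCE, then validates the callback before preparing the code exchange, so it never sees a Gitea password. The host names, client id and function names are assumptions; `/login/oauth/authorize` and `/login/oauth/access_token` are the Gitea OAuth2 provider endpoints.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values: register the client application in Gitea to get a real client id.
GITEA = "https://gitea.example.com"
CLIENT_ID = "constructed-client-id"
REDIRECT_URI = "https://client.example.com/oauth/callback"


def begin_login():
    """Return (authorize_url, session); keep session server-side for the callback."""
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)   # PKCE secret, 86 chars (allowed: 43-128)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{GITEA}/login/oauth/authorize?{query}", {"state": state, "verifier": verifier}


def handle_callback(callback_url, session, client_secret=None):
    """Validate the redirect and return (token_endpoint, form) for the code exchange."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization refused: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise PermissionError("state mismatch: callback does not belong to this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    form = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": session["verifier"],
    }
    if client_secret:                      # confidential clients also send their secret
        form["client_secret"] = client_secret
    return f"{GITEA}/login/oauth/access_token", form
```

The client POSTs the returned form to the token endpoint over HTTPS and uses the resulting access token on later API calls in place of user credentials.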