There are some upcoming breaking changes to the API. 

The most important change is that we're switching from HTTP Basic Auth to a cookies based authentication. Starting now, the /login endpoint will set one or more cookies. The `token` field in the returned login object will be blank. Your existing Basic Auth tokens will continue to work until the end of September, or when they expire, whichever comes first.

Along with switching to a cookies based authentication system, we have added CSRF protection to all POST endpoints. When using the `login` endpoint, the User structure that's returned now includes a `csrf_token` field. Use that value for the `csrf` POST parameter now required by these endpoints. NOTE: During this transition period, if you use HTTP Basic Auth, the csrf POST value is not required, so your code should continue to work.

Finally, we are switching the domain of the API. It has been It is moving to The old domain will continue to work until the end of September, but please update your code as soon as possible.

I apologize for this, but these changes are needed. The switch to a cookies-based authentication was to support chat; no Javascript websocket libraries support Basic Authentication or adding HTTP header fields. The other changes were a result of this as well.

Your code should continue to work as is until the end of September, but please update as soon as possible. Please let me know if you have any questions.


Join to automatically receive all group messages.