Is your feature request related to a problem? Please describe.
The current APIs is designed for the SPA. It is not available for third parties due to it's cookie based authentication and not stable. Changes in this internal API are not documented and do not follow semver.
Describe the solution you'd like
Add a separate stable API for third-party applications.
Possible third parties:
- Browser / Email-Client Addons
- Desktop Clients
- Room Media Appliances
- Admin automation tools (e.g. Ansible)
- MCP Clients
Clients should be able to authenticate against the API using OAuth.
We will initially only support the authorization code grant.
Support for device authorization grant and client credentials grant might be add at a later point in time.
Describe alternatives you've considered
Open up the current API for third-party apps: Complex to combine with OAuth and Scopes, fewer adjustments to improve user experience for all regular web-users.
Additional context
none
Is your feature request related to a problem? Please describe.
The current APIs is designed for the SPA. It is not available for third parties due to it's cookie based authentication and not stable. Changes in this internal API are not documented and do not follow semver.
Describe the solution you'd like
Add a separate stable API for third-party applications.
Possible third parties:
Clients should be able to authenticate against the API using OAuth.
We will initially only support the authorization code grant.
Support for device authorization grant and client credentials grant might be add at a later point in time.
Describe alternatives you've considered
Open up the current API for third-party apps: Complex to combine with OAuth and Scopes, fewer adjustments to improve user experience for all regular web-users.
Additional context
none