37Signals rolled out their new unified authentication system – 37signals ID a while back. The new system required all users migrate their accounts and pick up a new username / password. This username / password will work across all Basecamp sites and all 37Signals products.

I wrote about it in December, and was happy that everything worked smoothly after the upgrade, and PlannerX worked without a change.

But I was in for a big shock (since I don’t read the 37Signals API developer’s mailing list!!)

The authentication system has changed. Instead of username and password, third party applications now have to authenticate via a 40 letter hex token. The token can be found under the user’s account info – hidden normally, available only after clicking a link!

This meant users of 3rd party applications that relied on Basecamp APIs – e.g. our PlannerX – would break. And won’t work until users entered their token as username and “X” as password. Crazy!

This scared me. We did not want to scare our users too! As it is, the dual login (first to PlannerX and then to Basecamp) is troublesome, having to find and paste the token for login would really be the straw that broke our camel’s neck!

I came to know about this today, and the deadline is less than 2 days away! This means, if I don’t do something right now, over this weekend, PlannerX will come to a grinding halt, and simply spit out authentication failed errors to all users.

Really a big price for not monitoring the API mailing list…

I took a few deep breaths and continued reading the mailing list.

Surely, the whole topic led to a lot of confusion and discussions among developers. The deadlines for rolling out new authentication system were pushed back so that all developers could accommodate the change.

But there was a silver lining. A new API was added that would work with the username and password as usual, and provide logged in user’s profile information – name, phone numbers etc.

Along with a silver bullet – that 40 letter hex token!

Bingo!

I just finished an update that now makes PlannerX compatible with the new token based authentication system for Basecamp.

And what’s the change for PlannerX users? Nothing! You can continue using the system as usual! When you login with your username and password, we automatically look up your token and use that for all further API communications with Basecamp.

Simple solution to a complicated issue. Took 15 minutes of development, 25 minutes of testing, and 20 minutes writing this post! Not too bad for such a big change! Was certainly less than what I feared!

If you are using OpenID for logging in, you will have to use the 40 digit token as username and “X” as password while you login to Basecamp via PlannerX.

Cheers! I can now have a good weekend!

(PS: I am onto a whole lot of other upgrades to PlannerX. Watch this space for more!)