Hi,
I would like to suggest the implementation of an optional userId parameter for the /api/session/token endpoint for manager and admin roles.
In Mexico, it is common for logistics companies to manage limited access accounts, often referred to as "mirror accounts," which are functionally equivalent to Traccar's "Read-only" accounts.
However, for many users, it is difficult to keep track of temporary emails and passwords, which are often created with a short expiration period (typically lasting only for the duration of a specific shipment or cargo trip).
While I am aware of the "Share Device" functionality, there are scenarios where a single user needs to monitor two or more GPS units simultaneously. In these cases, accessing a read-only account via a URL with an embedded token is significantly more convenient and user-friendly.
The goal is to streamline the current process, which requires several manual steps, into a single API call. Currently, the procedure is:
1.- Create a read-only account with a real or dummy email and a random password.
2.- Link the authorized units to that account.
3.- Log in to the newly created account.
4.- Navigate to the "Settings" menu (which is no longer visible in recent versions of traccar-web).
5.- Generate the access token and copy it.
6.- Log out of the read-only account.
7.- Log back into the manager account.
In our specific fork of traccar-web, we have already implemented a UI component to generate the token access URL ready to copy, but steps 3, 4, 6, and 7 remain necessary.
Having this parameter available in the API endpoint would help to avoid these 4 steps, and without swapping user sessions.
Best regards.
Hi,
I would like to suggest the implementation of an optional userId parameter for the /api/session/token endpoint for manager and admin roles.
In Mexico, it is common for logistics companies to manage limited access accounts, often referred to as "mirror accounts," which are functionally equivalent to Traccar's "Read-only" accounts.
However, for many users, it is difficult to keep track of temporary emails and passwords, which are often created with a short expiration period (typically lasting only for the duration of a specific shipment or cargo trip).
While I am aware of the "Share Device" functionality, there are scenarios where a single user needs to monitor two or more GPS units simultaneously. In these cases, accessing a read-only account via a URL with an embedded token is significantly more convenient and user-friendly.
The goal is to streamline the current process, which requires several manual steps, into a single API call. Currently, the procedure is:
1.- Create a read-only account with a real or dummy email and a random password.
2.- Link the authorized units to that account.
3.- Log in to the newly created account.
4.- Navigate to the "Settings" menu (which is no longer visible in recent versions of traccar-web).
5.- Generate the access token and copy it.
6.- Log out of the read-only account.
7.- Log back into the manager account.
In our specific fork of traccar-web, we have already implemented a UI component to generate the token access URL ready to copy, but steps 3, 4, 6, and 7 remain necessary.
Having this parameter available in the API endpoint would help to avoid these 4 steps, and without swapping user sessions.
Best regards.