I've added a new authentication method to the API to prevent the need to share your Pinboard password with outside services. Instead of using your username and password in each API call, you can now pass an API token that's specific to your account. For example, instead of calling:
https://username:password@api.pinboard.in/v1/posts/update
You can now make the same API call like this:
https://api.pinboard.in/v1/posts/update?auth_token=username:ABCDEF
You can find your API token on your settings/password page. It looks like this:
There are two big advantages to using the token. First, unlike a lot of user passwords, it only works on Pinboard. So if an attacker gets hold of it, it strictly limits the damage they can do to your online life. Second, you can reset the token at any time without having to change your password.
Instapaper already supports the new API token (no surprise, since Marco encouraged me to make the change), and I hope other outside services will follow suit.
I will be deprecating username+password authentication from third-party web services in the next few weeks, once developers have had time to make the necessary changes.
—maciej on July 18, 2012
Pinboard is a bookmarking site and personal archive with an emphasis on speed over socializing.
This is the Pinboard developer blog, where I announce features and share news.
How To Reach Help
Send bug reports to bugs@pinboard.in
Talk to me on Twitter
Post to the discussion group at pinboard-dev
Or find me on IRC: #pinboard at freenode.net