Is there a way to obtain a session token for a child account using the only the master account password (for the purpose of calling GetUploadNode to generate a child-specific access token).

The current method I'm using:

- Client asks server for upload node and access token

- Server uses specific child username/password to authenticate

- Server calls GetUploadNode and returns values to client

- Client can perform http post 

- Server must *know* child username/password

Essentially, I'd like to be able to generate the tokens only using the child username. If I can't do this, what would be the impact of calling SetChildAccountPassword and setting random passwords?

Thanks! 

Adam
 

The master account can upload to any of its children by using an absolute path as the destination of the file path.  An absolute path is defined with two slashes and provides the application and account name.  IE //myapp/childtorecievefile/uploadpath/file.txt. This is true for any situation where path is used in the IMFS.  This does not apply to one child trying to upload to another since only the master account has the security to access children.

As for generating a token for the child you cannot do that but you can upload to that child using the master account session token and upload token based on the masters request. 

AdamB:

Essentially, I'd like to be able to generate the tokens only using the child username. If I can't do this, what would be the impact of calling SetChildAccountPassword and setting random passwords?

This is up to your implementation, but it would only have the obvious consequence of not allowing that child account to log in without that random password.

This may not answer all of your questions, let me know if this does not address everything since I'm not sure under your implementation how you are going to be uploading.

Regards,
    Barry R.