Introduction
To access the web API, you have two ways to authenticate requests:
- IP Address: only machine(s) with given IP will have access to the API
- User and key: you should retrieve a Token from the API with you user/key and then, pass the Token along all requests you do.
You can choose to use either or both, but at least one method must be selected.
Access token retrieval
You should issue a POST request to /Token endpoint, in form-urlencoded format
Request:
POST /Token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type=password&username=john%40example.com&password=3cdbdda34160…
Parameters are:
- grant_type: fixed string with ‘password’ value.
- username: API user.
- password: API key encrypted with given RSA public key. It should be in HEX format.
Here is the RSA public key in Base64 (also attached as an XML file):
ynqY4P5mfcYttT840IgPtQxQXZNbHnYROPl5oU8wSiC3PepF/cjYNReva+4/5RZYSOR0ZqZmTZiJbxhdF7icmydIpi3IFFtfNZwXNyDT5176EOyuhtNjLehwqFupHJ+3VYTUzqZPEMXC1jVilfIGVKJEGLgz4d5UpYrqFiodyJ/JZ+Qj1hyJV0QHSm8V9fUz6RCXFiUMo4oDEakh78eQXSM+lM1FVkfGut42C1prpyouhkIMfsYA2XOOkjiVxYOwy0TEb+/QTvJAzOzPNU1OR9s9e8Uvw8cD8O1+gc9SDNO1FfUMJFnLdG9nhTFTQusM/cGEV4TAW4op8O+LbyZonQ==
In case of success, API returns:
HTTP/1.1 200 OK Content-Type: application/json;charset=UTF-8 { "access_token":"AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1", "token_type":"bearer", "expires_in":1209599 }
Request authentication
Access token (access_token field) have to be added to all requests’ headers in Authorization field, with Bearer scheme:
Authorization: Bearer AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1
In case of error, API returns:
HTTP/1.1 400 Bad Request Content-Type: application/json;charset=UTF-8 { "error":"invalid_grant" }
Comments
0 comments
Please sign in to leave a comment.