Introduction

To access the web API, you have two ways to authenticate requests:

• IP Address: only machine(s) with given IP will have access to the API
• User and key: you should retrieve a Token from the API with you user/key and then, pass the Token along all requests you do.

You can choose to use either or both, but at least one method must be selected.

Access token retrieval

You should issue a POST request to /Token endpoint, in form-urlencoded format

Request:

POST /Token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
 
grant_type=password&username=john%40example.com&password=3cdbdda34160…

Parameters are:

• grant_type: fixed string with ‘password’ value.
• username: API user.
• password: API key encrypted with given RSA public key. It should be in HEX format.

Here is the RSA public key in Base64 (also attached as an XML file):

ynqY4P5mfcYttT840IgPtQxQXZNbHnYROPl5oU8wSiC3PepF/cjYNReva+4/5RZYSOR0ZqZmTZiJbxhdF7icmydIpi3IFFtfNZwXNyDT5176EOyuhtNjLehwqFupHJ+3VYTUzqZPEMXC1jVilfIGVKJEGLgz4d5UpYrqFiodyJ/JZ+Qj1hyJV0QHSm8V9fUz6RCXFiUMo4oDEakh78eQXSM+lM1FVkfGut42C1prpyouhkIMfsYA2XOOkjiVxYOwy0TEb+/QTvJAzOzPNU1OR9s9e8Uvw8cD8O1+gc9SDNO1FfUMJFnLdG9nhTFTQusM/cGEV4TAW4op8O+LbyZonQ==

In case of success, API returns:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
     "access_token":"AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1",
     "token_type":"bearer",
     "expires_in":1209599
}

Request authentication

Access token (access_token field) have to be added to all requests’ headers in Authorization field, with Bearer scheme:

Authorization: Bearer AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1

In case of error, API returns:

HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
{
    "error":"invalid_grant"
}