OAuth email/password

Goal

The goal of this guide is to authenticate with email and password. This can be used for testing or for client applications that need to authenticate.

Assumptions

This guide assumes that the reader has basic knowledge of the following technologies:

  • Getting data from a REST API
  • JSON data structures
  • Authentication

1. Get your API key

Request your API key from https://dealer.cameramanager.com. The key will consist of 2 parts, an ID and a SECRET. For example, the ID can be "cameramanager.test" with the secret "qwertyuiopasdfghjklzxcvbnm12345".

2. Login

Add your API key to the authorization header with Basic Auth. Set the header "Authorization" with the ID and SECRET in this format: "Basic <ID>:<SECRET>", with the "<ID>:<SECRET>" part encoded in Base64.

For example: "Basic Y2FtZXJhbWFuYWdlci50ZXN0OnF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tMTIzNDU="

The response will include an access_token which can be used with the other API calls. In case the access_token expires, the refresh_token can be used to obtain a new access_token.

https://rest.cameramanager.com/oauth/token?grant_type=password&scope=write&username=<username>&password=<password>
Headers HTTP POST:
Accept application/json
Authorization Basic Y2FtZXJhbWFuYWdlci50ZXN0OnF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tMTIzNDU=
 
Response:
{
    "access_token": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa:10003",
    "token_type": "bearer",
    "refresh_token": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa:10003",
    "expires_in": 43199,
    "scope": "write"
}

3. Get new access_token via refresh token

If your access_token has expired, you can log in again with the credentials (email and password). However, this forces the user to log in very often, which is not user friendly. You could store the credentials locally, but this is not recommended for security reasons. Instead, store the refresh_token and use it to get a new access_token, which can then be used with the API again. The refresh_token will work until the user logs out.

https://rest.cameramanager.com/oauth/token?grant_type=refresh_token&scope=write&refresh_token=aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa:10003
Headers HTTP POST:
Accept application/json
Authorization Basic Y2FtZXJhbWFuYWdlci50ZXN0OnF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tMTIzNDU=
 
Response:
{
    "access_token": "bbbbbbbb-bbbbb-bbbbb-bbbbb-bbbbbbbbbbbbb:10003",
    "token_type": "bearer",
    "refresh_token": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa:10003",
    "expires_in": 43199,
    "scope": "write"
}

4. Logout

To log out, perform the following API call, which will delete the access_token and refresh_token. The API call must be performed as a DELETE HTTP request.

https://rest.cameramanager.com/rest/v2.0/users/self/tokens/current
Headers HTTP DELETE:
Accept application/json
Authorization Bearer bbbbbbbb-bbbbb-bbbbb-bbbbb-bbbbbbbbbbbbb:10003
 
Response:
HTTP 200 OK
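
The requests from steps 2 to 4, built in Python with the standard library. This is an added example, not part of the original guide or Cameramanager's own code. The names token_request, logout_request and TokenStore and the 60-second refresh margin are assumptions; the requests are only built here, not sent.

```python
import base64
import time
import urllib.parse
import urllib.request

BASE = "https://rest.cameramanager.com"  # host from the guide, over TLS


def basic_auth_header(client_id, client_secret):
    """Base64-encode '<ID>:<SECRET>' for the Authorization header."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id, client_secret, grant_type, **params):
    """Build (not send) the POST for a password or refresh_token grant."""
    # urlencode escapes '@', '&', '=' and ':' so credentials cannot break the query.
    query = urllib.parse.urlencode({"grant_type": grant_type, "scope": "write", **params})
    req = urllib.request.Request(f"{BASE}/oauth/token?{query}", method="POST")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    return req


def logout_request(access_token):
    """Build the DELETE that revokes the access_token and refresh_token."""
    req = urllib.request.Request(f"{BASE}/rest/v2.0/users/self/tokens/current", method="DELETE")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"Bearer {access_token}")
    return req


class TokenStore:
    """Keeps tokens in memory only; the password is never stored."""

    def __init__(self, response, now=None, skew=60):
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.refresh_token = response["refresh_token"]
        # Refresh `skew` seconds early (assumed margin) to avoid using an expired token.
        self.expires_at = now + response["expires_in"] - skew

    def next_request(self, client_id, client_secret, now=None):
        """Return a refresh request if the access_token is due, else None."""
        now = time.time() if now is None else now
        if now < self.expires_at:
            return None
        return token_request(client_id, client_secret, "refresh_token",
                             refresh_token=self.refresh_token)
```

To send a request, pass it to urllib.request.urlopen and parse the body with json.load; the parsed response dict is what TokenStore expects.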