The goal of this guide is to authenticate with email and password. This can be used for testing or for client applications that need to authenticate.
This guide assumes that the reader has basic knowledge of the following technologies:
1) Get your API key
Request your API key from https://dealer.cameramanager.com. The key will consist of 2 parts, an ID and a SECRET. For example, the ID can be "cameramanager.test" with the secret "qwertyuiopasdfghjklzxcvbnm12345".
Add your API key to the authorization header with Basic Auth. Set header "Authorization" with the ID and SECRET in this format: "Basic <ID>:<SECRET>" with the "<ID>:<SECRET>" encoded in Base64.
For example: "Basic Y2FtZXJhbWFuYWdlci50ZXN0OnF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tMTIzNDU="
The response will include an access_token which can be used with the other API calls. In case the access_token expires, the refresh_token can be used to obtain a new access_token.
3) Get new access_token via refresh token
In case your access_token is expired you can login again using the credentials (email and password). However, this requires your user to login very often which is not user friendly. You can locally store the credentials but this is not recommended for security reasons, in this case you can store the refresh_token and use this to get a new access_token. The access_token can be used again to use the API. The refresh_token will work until the user logs out.
To logout, perform the following API call which will delete the access_token and refresh_token. The API call must be performed as a DELETE HTTP request.