Rest API User authentication
Authentication is the process of validating a user and, if everything checks out, authorizing that user with certain rights. The REST API works on the principle of resource ownership: only the owner of a resource can get access to it, so users can be confident that their data is protected. The REST API supports two user-authentication protocols: OAuth 2.0 and HTTPSignatureAuthentication. Details of each protocol are given below.
OAuth 2.0 follows a very simple scheme with two stages:

- user authorization;
- obtaining a security token for access to protected resources.

Every REST API command has to be signed, which means it has to carry information that the REST API uses to authenticate it. Here that role is played by a special token received during user authorization. The OAuth 2.0 protocol offers several ways of obtaining the token; this example uses the simplest one, in which the user supplies their own credentials. To get a token, form an object with the following structure:
```
client_id:<client_id>
client_secret:<client_secret>
grant_type:password
username:<your username>
password:<your password>
```
where `client_id` and `client_secret` are the key and signature unique to each service that uses the REST API, `grant_type` is the authorization type (here, the user's own credentials), `username` is the user's login and `password` is the user's password. To receive the key, please contact us at info@datawiz.io. Send the resulting object as a POST request to http://api.datawiz.io/api/o/token/, stating the content type in the header (for example `Content-Type: application/x-www-form-urlencoded`).
Server's response in case of successful authorization:

```json
{
"access_token": "a4z4XoChBtHFGyMVrebwgnVcUnDEFc",
"token_type": "Bearer",
"expires_in": 36000,
"refresh_token": "ea9sPsCPyRScREoDVl95MkQPiCF1T5",
"scope": "read write"
}
```
The received `access_token` can be used to authorize REST API commands. Example of a request to the server using the `access_token`:
Request

```
GET http://api.datawiz.io/api/v1/
```

Headers

```
Host: api.datawiz.io
Accept: application/json
Date: Mon, 17 Feb 2014 06:11:05 GMT
Authorization: Bearer a4z4XoChBtHFGyMVrebwgnVcUnDEFc
```
The server then returns status 200 (the command is authorized) or 401 (the command is unauthorized). Each `access_token` is issued for a fixed period (given in `expires_in`, in seconds); once it expires the user has to go through authentication again.
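The two stages above, obtaining a token with the password grant and then signing a REST API command with it, carried through in one Python example. This is an added illustration, not DataWiz's own client code: the URLs and the sample token reply are taken from this page, while the placeholder credentials, the clock-skew margin and the `fetch_token`/`opener` names are assumptions of the example.

```python
"""Password-grant token flow for the DataWiz REST API (added example)."""
import json
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

# URLs as given on the page above.
TOKEN_URL = "http://api.datawiz.io/api/o/token/"
API_URL = "http://api.datawiz.io/api/v1/"

# Sample reply copied from the page above, used here as offline test input.
SAMPLE_RESPONSE = (
    '{"access_token": "a4z4XoChBtHFGyMVrebwgnVcUnDEFc", "token_type": "Bearer", '
    '"expires_in": 36000, "refresh_token": "ea9sPsCPyRScREoDVl95MkQPiCF1T5", '
    '"scope": "read write"}'
)


def build_token_request(client_id, client_secret, username, password):
    """Stage 1: headers and form-encoded body for the password grant."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "password",
        "username": username,
        "password": password,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(form)


def parse_token_response(body, now=None):
    """Turn the JSON reply into a token record with an absolute expiry.

    expires_in is a lifetime in seconds (RFC 6749), so it is converted to an
    absolute timestamp once, at receipt, instead of being re-read later.
    """
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError("no access_token in response: %r" % data)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "scope": data.get("scope", ""),
        "expires_at": now + float(data["expires_in"]),
    }


def token_is_valid(token, now=None, skew=30):
    """Treat the token as expired `skew` seconds early (assumed margin for clock drift)."""
    now = time.time() if now is None else now
    return now + skew < token["expires_at"]


def auth_headers(token, now=None):
    """Stage 2: headers for a REST API command; refuses to send an expired token."""
    if not token_is_valid(token, now):
        raise RuntimeError("access_token expired; re-authenticate")
    return {"Accept": "application/json",
            "Authorization": "Bearer " + token["access_token"]}


def interpret_status(status):
    """Map the two statuses documented on the page to the caller's next action."""
    if status == 200:
        return "authorized"
    if status == 401:
        return "reauthenticate"
    return "error"


def fetch_token(client_id, client_secret, username, password,
                opener=urllib.request.urlopen):
    """Perform the real POST to the token endpoint; `opener` is injectable for tests."""
    headers, body = build_token_request(client_id, client_secret, username, password)
    req = urllib.request.Request(TOKEN_URL, data=body.encode(), headers=headers, method="POST")
    with opener(req) as resp:
        return parse_token_response(resp.read().decode())


if __name__ == "__main__":
    # Placeholder credentials; replace with the values obtained from DataWiz.
    tok = fetch_token("<client_id>", "<client_secret>", "<username>", "<password>")
    req = urllib.request.Request(API_URL, headers=auth_headers(tok))
    try:
        with urllib.request.urlopen(req) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    print(interpret_status(status))
```

Two points the example makes concrete: the password grant puts the service's `client_secret` and the user's password into the request body, so the token endpoint is reached over TLS in practice and the resulting `access_token` is itself a credential to be held in memory rather than written to logs; and expiry is tracked locally from `expires_in` so the client re-authenticates on its own schedule instead of discovering the 401 mid-operation.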