Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Authentication to the API occurs via HTTP Basic Auth. Provide your app token as the basic auth username and the session token as password.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.
You authenticate to the Tapglue API by providing one of your app tokens in the request header. First you have to create an application in the dashboard to get an application key. You can manage your app tokens of your account in the dashboards applications section. Your token carry many privileges, so be sure to keep them secret!
It is very important that you keep your tokens secret. Treat them in the most secure way.
All requests, except creating users, require a session token. If you are using our user management we will provide the token to you after you login (
If you have your own user management your backend will have to create the session token. Stay tuned, we'll show you how to do it here soon!
We handle everything you need for your user management. If you still want to use your own or already have one, we support you with everything you need to get started and integrate with our API.
If you decide to use your own user management get in touch with us and we show you how to create the
SESSION_TOKENfrom your backend.
curl https://api.tapglue.com \ -u APP_TOKEN:SESSION_TOKEN
Besides the regular app token that you can retrieve from our dashboard after creating an app, we also provide a
BACKEND_TOKEN. That token always you to interact with the Tapglue API, without logging in users, thus without the need of a
SESSION_TOKEN. When using a
BACKEND_TOKEN you have to pass the
USER_ID instead. Following example shows authentication with a
curl https://api.tapglue.com \ -u BACKEND_TOKEN:USER_ID
As named, the
BACKEND_TOKENis meant to only be used from your backend. It removes the necessity of logging in users and therefore is very powerful. Treat this token with the highest possible caution.