Authentication

Onur Akpolat edited this page Oct 18, 2016 · 1 revision

Authentication to the API occurs via HTTP Basic Auth. Provide your app token as the basic auth username and the session token as password.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.

App token

You authenticate to the Tapglue API by providing one of your app tokens in the request header. First you have to create an application in the dashboard to get an application key. You can manage your app tokens of your account in the dashboards applications section. Your token carry many privileges, so be sure to keep them secret!

It is very important that you keep your tokens secret. Treat them in the most secure way.

Session token

All requests, except creating users, require a session token. If you are using our user management we will provide the token to you after you login (user/login) endpoint.

If you have your own user management your backend will have to create the session token. Stay tuned, we'll show you how to do it here soon!

We handle everything you need for your user management. If you still want to use your own or already have one, we support you with everything you need to get started and integrate with our API.

If you decide to use your own user management get in touch with us and we show you how to create the SESSION_TOKEN from your backend.

Example

curl  https://api.tapglue.com \
-u APP_TOKEN:SESSION_TOKEN

Backend token

Besides the regular app token that you can retrieve from our dashboard after creating an app, we also provide a BACKEND_TOKEN. That token always you to interact with the Tapglue API, without logging in users, thus without the need of a SESSION_TOKEN. When using a BACKEND_TOKEN you have to pass the USER_ID instead. Following example shows authentication with a BACKEND_TOKEN:

curl  https://api.tapglue.com \
-u BACKEND_TOKEN:USER_ID

As named, the BACKEND_TOKEN is meant to only be used from your backend. It removes the necessity of logging in users and therefore is very powerful. Treat this token with the highest possible caution.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.