Info

Username and password authentication is designed for user interfaces.

For non-interactive integration clients, request a Persistent Access Token via the Online Photo Submission user interface, then Get/Refresh an Authentication Token (Session Token) using the Persistent Access Token.
Note

Persistent Access Tokens will be deployed in early November with CloudCard Release 22.10.27.

API Authentication

The CloudCard API now supports Persistent Access Tokens (refresh tokens). Persistent Access Tokens are only used to request Authentication Tokens (session tokens), which can be used by service accounts to make API requests. Authentication Tokens expire automatically after 12 hours but can be deleted earlier by logging out.

API Authentication Flow

  1. A Persistent Access Token is created for a service account by a CloudCard director in the user interface (see: Get a Persistent Access Token).

  2. Next, the Persistent Access Token is used to Get an Authentication Token (Session Token).

  3. To use an Authentication Token, pass it as the value of the X-Auth-Token header on authenticated API requests.

  4. When finished with an Authentication Token, delete it (see: Log Out Authentication Token(s)).

Username and Password Authentication

Info

This authentication strategy is designed to be used with user interfaces and is not the recommended authentication method for API Integrations.

Login:

URI: https://api.onlinephotosubmission.com/api/login

...

200 OK
{
    "username": "myUserName",
    "roles": [
        "ROLE_CARDHOLDER",
        "ROLE_DIRECTOR",
        "ROLE_OFFICE"
    ],
    "access_token": "lotsOfRandomNumbersAndLetters"
}

Logout:

URI: https://api.onlinephotosubmission.com/person/me/logout

HTTP Method: POST

Required Headers: 

  • X-Auth-Token (see: Authentication)

  • Accept: application/json

  • Content-Type: application/json

Body (optional):

{
    "authenticationToken": "[authentication token value]"
}

  • If specified, only this authentication token is deleted. Other sessions belonging to this user which use other tokens will remain active.

  • If not specified (or if the specified value doesn’t match an existing token), ALL authentication tokens will be deleted, immediately ending ALL sessions for this user.

Response:

204 NO CONTENT
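
An added example, not part of the CloudCard documentation: a Python helper that builds the logout request described above so the body always names the caller's own token, because an empty or non-matching body ends every session for the user. The function names and the `all_sessions` flag are assumptions of this example; the URI, headers, body field, 204 status and 12-hour lifetime come from this page.

```python
import json
import time
import urllib.request

LOGOUT_URI = "https://api.onlinephotosubmission.com/person/me/logout"  # from this page
TOKEN_LIFETIME_SECONDS = 12 * 60 * 60  # Authentication Tokens expire after 12 hours


def is_expired(issued_at, now=None):
    """True once a token obtained at `issued_at` (epoch seconds) is 12 hours old."""
    now = time.time() if now is None else now
    return now - issued_at >= TOKEN_LIFETIME_SECONDS


def build_logout_request(auth_token, all_sessions=False):
    """Build (not send) the logout POST.

    Header and body are derived from the same value, so the body cannot name a
    stale or mistyped token (which would delete ALL of the user's tokens).
    Ending every session requires all_sessions=True (hypothetical flag).
    """
    if not auth_token or not auth_token.strip():
        raise ValueError("auth_token is required for the X-Auth-Token header")
    body = None
    if not all_sessions:
        body = json.dumps({"authenticationToken": auth_token}).encode("utf-8")
    return urllib.request.Request(
        LOGOUT_URI,
        data=body,
        method="POST",
        headers={
            "X-Auth-Token": auth_token,
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
    )


def logout(auth_token, all_sessions=False, opener=urllib.request.urlopen):
    """Send the logout request; the page documents 204 NO CONTENT as the response."""
    with opener(build_logout_request(auth_token, all_sessions), timeout=10) as resp:
        if resp.status != 204:
            raise RuntimeError(f"unexpected logout status {resp.status}")
    return True


if __name__ == "__main__":
    req = build_logout_request("constructed-sample-token")  # constructed value
    print(req.get_method(), req.full_url, req.data)
```

A service account that shares its user with other integrations should call `logout(token)` in a `finally` block and reserve `all_sessions=True` for credential-compromise response.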