| Info |
|---|
Username and password authentication is designed for user interfaces. |
...
API Authentication
The CloudCard API now supports Persistent Access Tokens (refresh tokens). Persistent Access Tokens are only used to request Authentication Tokens (session tokens), which can be used by service accounts to make API requests. Authentication Tokens expire automatically after 12 hours but can be deleted earlier by logging out.
API Authentication Flow
A Persistent Access Token is created for a service account by a CloudCard director in the user interface. Get a Persistent Access Token.
Next, the Persistent Access Token is used to Get an Authentication Token (Session Token).
To use an Authentication Token, it should be passed as the value in the
X-Auth-Tokenheader for authenticated API requests.When finished with an Authentication Token, it should be deleted. Log Out Authentication Token(s).
Username and Password Authentication
| Info |
|---|
This authentication strategy is designed to be used with user interfaces and is not the recommended authentication method for API Integrations. |
Login:
URI: https://api.onlinephotosubmissioncloudcard.comus/api/login
HTTP Method: POST
...
| Code Block | ||
|---|---|---|
| ||
200 OK
{
"username": "myUserName",
"roles": [
"ROLE_CARDHOLDER",
"ROLE_DIRECTOR",
"ROLE_OFFICE"
],
"access_token": "lotsOfRandomNumbersAndLetters"
} |
Logout:
URI: https://api.onlinephotosubmission.com/person/me/logout
HTTP Method: POST
Required Headers:
X-Auth-Token (see: Authentication)
Accept:
application/jsonContent-Type:
application/json
Body (optional):
| Code Block | ||
|---|---|---|
| ||
{ "authenticationToken": "[authentication token value]" } |
If specified, only this authentication token is deleted. Other sessions belonging to this user which use other tokens will remain active.
If not specified (or if the specified value doesn’t match an existing token), ALL authentication tokens will be deleted, immediately ending ALL sessions for this user.
Response:
| Code Block |
|---|
204 NO CONTENT |