Authentication

API Authentication

The CloudCard API now supports Persistent Access Tokens (refresh tokens). Persistent Access Tokens are only used to request Authentication Tokens (session tokens), which can be used by service accounts to make API requests. Authentication Tokens expire automatically after 12 hours but can be deleted earlier by logging out.

 

API Authentication Flow

  1. A Persistent Access Token is created for a service account by a CloudCard director in the user interface. See "Get a Persistent Access Token".

  2. Next, the Persistent Access Token is used to Get an Authentication Token (Session Token).

  3. To use an Authentication Token, it should be passed as the value in the X-Auth-Token header for authenticated API requests.

  4. When finished with an Authentication Token, it should be deleted. See "Log Out Authentication Token(s)".
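
Steps 2 to 4 of the flow above, as an added example that is not CloudCard's own code: a Python context manager that exchanges the Persistent Access Token, sends only the short-lived token in X-Auth-Token, and deletes it on exit even after an error. The endpoint paths, the body field names (persistentAccessToken, token), the transport hook and the FakeCloudCard server are assumptions or constructed placeholders, since the page does not give them.

```python
import time
from contextlib import contextmanager

# Placeholders: the page gives neither these paths nor the body field names.
TOKEN_URL = "https://api.cloudcard.us/PLACEHOLDER-get-authentication-token"
LOGOUT_URL = "https://api.cloudcard.us/PLACEHOLDER-logout"
SESSION_LIFETIME = 12 * 60 * 60  # seconds; the 12-hour expiry stated above


@contextmanager
def api_session(transport, persistent_token, now=time.time):
    """Steps 2-4 of the flow. transport(method, url, headers, body) ->
    (status, dict) is a hypothetical HTTP hook so the flow runs offline."""
    status, body = transport("POST", TOKEN_URL, {},
                             {"persistentAccessToken": persistent_token})
    if status != 200:
        raise PermissionError("token exchange failed: HTTP %d" % status)
    token, deadline = body["token"], now() + SESSION_LIFETIME

    def call(method, url, payload=None):
        if now() >= deadline:
            raise TimeoutError("session token is past its 12-hour lifetime")
        # Ordinary requests carry only the short-lived token.
        return transport(method, url, {"X-Auth-Token": token}, payload)

    try:
        yield call
    finally:
        # Step 4: delete the token even when the caller's work raised.
        transport("POST", LOGOUT_URL, {"X-Auth-Token": token}, None)


class FakeCloudCard:
    """Constructed in-memory stand-in for the API (not CloudCard code)."""
    def __init__(self, valid_persistent):
        self.valid, self.live, self.log = valid_persistent, set(), []

    def __call__(self, method, url, headers, body):
        self.log.append((method, url, dict(headers)))
        if url == TOKEN_URL:
            if (body or {}).get("persistentAccessToken") != self.valid:
                return 401, {}
            self.live.add("constructed-session-token")
            return 200, {"token": "constructed-session-token"}
        if headers.get("X-Auth-Token") not in self.live:
            return 401, {}
        if url == LOGOUT_URL:
            self.live.discard(headers["X-Auth-Token"])
        return 200, {}
```

To run it against a real service, replace FakeCloudCard with a function of the same shape that performs the HTTP request, and set the two URLs and field names from the API reference.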

 

Username and Password Authentication

This authentication strategy is designed to be used with user interfaces and is not the recommended authentication method for API Integrations.

Login:

URI: https://api.cloudcard.us/api/login

HTTP Method: POST

Example HTTP Request Body

    {
      "username": "myUserName",
      "password": "myPassword"
    }

Example Response

    200 OK
    {
      "username": "myUserName",
      "roles": [
        "ROLE_CARDHOLDER",
        "ROLE_DIRECTOR",
        "ROLE_OFFICE"
      ],
      "access_token": "lotsOfRandomNumbersAndLetters"
    }