Overview

The public site API enforces authentication for all API calls. A consumer of the API can authenticate a call in one of two ways. The first uses the traditional cookie approach, which works much like authentication on a normal website: upon successful authentication a cookie is returned, and the cookie is sent with each subsequent request. The second is a custom header/value pair: the caller adds the issued token to the request headers under the header key `sb-auth-token`.

Maintaining authentication

By default an authentication token/cookie is valid for 2 hours. In addition, each successful request to the API will include a new authentication token/cookie in the response. In other words, the API slides the expiry forward on every valid authenticated call.

Approach one: Always getting a token/cookie before making a call.

Pros: Easy.

Cons: Each API call requires two calls.

Approach two: Keeping token/cookie for the duration of two hours.

Pros: Easy, Allows for single API calls.

...

Cons: Need to track time, Logic to handle token/cookie time out.
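
The time tracking and time-out handling that approach two calls for, as an added example that is not part of the original page or the API's own client code. The class name, the `authenticate` delegate, the five-minute margin and the sample clock values are assumptions; the page does not say how the replacement token is delivered, so the caller passes it to `OnSuccess`.

```csharp
using System;
// Added example: keeps one token/cookie alive across calls (approach two).
public sealed class SlidingTokenSession
{
    static readonly TimeSpan Lifetime = TimeSpan.FromHours(2);  // default validity stated above
    static readonly TimeSpan Margin = TimeSpan.FromMinutes(5);  // assumption: allowance for clock skew
    readonly Func<string> authenticate;  // hypothetical delegate: calls the authenticate endpoint, returns the token
    readonly Func<DateTime> utcNow;      // injectable clock so the logic can be exercised offline
    string token;
    DateTime expiresUtc;

    public SlidingTokenSession(Func<string> authenticate, Func<DateTime> utcNow)
    { this.authenticate = authenticate; this.utcNow = utcNow; }

    // Token to send in sb-auth-token; authenticates only when none is held or it is about to lapse.
    public string GetToken()
    {
        if (token == null || utcNow() >= expiresUtc - Margin)
        {
            token = authenticate();
            expiresUtc = utcNow() + Lifetime;
        }
        return token;
    }

    // Call after each successful API response: keep the replacement token and slide the expiry.
    public void OnSuccess(string replacementToken)
    {
        if (!string.IsNullOrEmpty(replacementToken)) token = replacementToken;
        expiresUtc = utcNow() + Lifetime;
    }

    // Call when the API rejects the token, so the next GetToken() authenticates again.
    public void Invalidate() { token = null; }
}

public static class Demo
{
    public static void Main()
    {
        int logins = 0;
        var now = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc);  // constructed clock
        var s = new SlidingTokenSession(() => "token-" + (++logins), () => now);
        s.GetToken();                                               // first use authenticates
        now = now.AddMinutes(90); s.GetToken(); s.OnSuccess(null);  // still valid; expiry slides
        now = now.AddMinutes(90); s.GetToken();                     // inside the slid window: no new login
        now = now.AddHours(3); s.GetToken();                        // idle for over two hours: logs in again
        Console.WriteLine(logins);
    }
}
```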

How to authenticate

You will be issued a username and password. These credentials can be used to authenticate via the API endpoint /api/v1v2/authenticate. A successful call to this endpoint results in a cookie and a token being issued.

...

HTTP Request (RAW)
GET http://shelterbuddy-development/api/v1v2/authenticate?username=*******&password=**** HTTP/1.1
Content-Type: application/json
Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
User-Agent: RestSharp 104.1.0.0
Host: shelterbuddy-development-public
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

...

Header based authentication
	using Newtonsoft.Json;
	using RestSharp;
	
	var client = new RestClient("http://dev.adoptapet.com.au/api/v1v2/");
	client.AddDefaultHeader("content-type", "application/json");
	
	// Authenticate. The credentials are substituted into the query string,
	// so they are part of the request URL.
	var request = new RestRequest("authenticate?username={u}&password={p}", Method.GET);
	request.AddUrlSegment("u", "username");
	request.AddUrlSegment("p", "password");
	var result = client.Execute(request);
	
	// The response body is read as a JSON string holding the token.
	var token = JsonConvert.DeserializeObject<string>(result.Content);
	
	// Send the token on every later request under the sb-auth-token header.
	client.AddDefaultHeader("sb-auth-token", token);
	
	// Authenticated call.
	request = new RestRequest("animals?animalStatusId={id}", Method.GET);
	request.AddUrlSegment("id", "3");
	
	result = client.Execute(request);

...

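Cookie based authentication
	using System.Net;
	using RestSharp;
	
	var client = new RestClient("http://dev.adoptapet.com.au/api/v1v2/");
	// The cookie container stores the cookie issued by the authenticate call
	// and sends it on later requests made with this client.
	client.CookieContainer = new CookieContainer();
	client.AddDefaultHeader("content-type", "application/json");
	
	// Authenticate. The credentials are substituted into the query string,
	// so they are part of the request URL.
	var request = new RestRequest("authenticate?username={u}&password={p}", Method.GET);
	request.AddUrlSegment("u", "username");
	request.AddUrlSegment("p", "password");
	var result = client.Execute(request);
	
	// Authenticated call; the cookie is attached by the container.
	request = new RestRequest("animals?animalStatusId={id}", Method.GET);
	request.AddUrlSegment("id", "3");
	
	result = client.Execute(request);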

...