Overview
The public site API enforces authentication for all API calls. There are two methods a consumer of the API can choose from to authenticate their call. The first method uses the traditional cookie approach. This method is very similar to how a normal website controls authentication, whereby upon successful authentication, a cookie is returned and each subsequent request the cookie is sent. The other method of authentication supported by the API is a custom header/value pair. With this method the caller adds to their request header the issued token set against the header key of `sb-auth-token`.
Maintaining authentication
By default an authentication token/cookie is valid for 2 hours. In addition, each successful request to the API will included in the response a new authentication token/cookie. Simply, the API will slide the expiry of a valid authenticated call.
Approach one: Always getting a token/cookie before making a call.
Pros: Easy.
Cons: Each API call requires two calls.
Approach two: Keeping token/cookie for the duration of two hours.
Pros: Easy, Allows for single API calls.
Cons: Need to track time, Logic to handle token/cookie time out.
Approach threetwo: Update token/cookie after each call.
...
Cons: Need to track time, Logic to handle token/cookie time out.
How to authenticate
You will be issued a username and password. These credentials can be used to authenticate via the API endpoint /api/v2/authenticate. A successful call to this API will result with being issued a cookie and token.
...