Overview
...
Overview
The ShelterBuddy API enforces authentication for all API calls. There are two methods a consumer of the API can choose from to authenticate their call. The first method uses the traditional cookie approach. This method is very similar to how a normal website controls authentication, whereby upon successful authentication, a cookie is returned and each subsequent request the cookie is sent. The other method of authentication supported by the API is a custom header/value pair. With this method the caller adds to their request header the issued token set against the header key of `sb-auth-token`.
Maintaining authentication
By default an authentication token/cookie is valid for 2 hours. In addition, each successful request to the API will included include in the response a new authentication token/cookie. Simply, the API will slide the expiry of a valid authenticated call.
Approach one: Always getting a token/cookie before making a call.
Pros: Easy.
Cons: Each API call requires two calls.Approach two: Keeping token/cookie for the duration of two hours.
Pros: Easy, Allows for single API calls.
Cons: Need to track time, Logic to handle token/cookie time out.
Approach threetwo: Update token/cookie after each call.
Pros: Authentication will slide
Cons: Need to track timecookie, Logic to handle token/cookie time out.
Some REST clients will automatically track cookies with minimal or even without any custom logic required
How to authenticate
You will be issued a username and password. These credentials can be used to authenticate via the API endpoint /api/v2/authenticate. A successful call to this API will result with being issued a cookie and token.
...