API Authentication
These parameters are optional for unauthenticated API access (in some cases, you may get additional results here), and mandatory for authenticated API access.
Acquiring API tokens
If you don't already have a set of identifier tokens, you will need to acquire them.
API target: https://amphibiandisease.org/api.php
Method: POST
Parameters:
Parameter | Value |
---|---|
action | login |
username | The email of the user |
password | The password of the user |
Response:
Please note that a "JSON string" below is not an object. It is a string representing JSON that has to be decoded with json_decode() (PHP) or JSON.parse() (JavaScript).
Key | Detail |
---|---|
status | true or false (boolean) |
user | JSON string of {'COOKIE_NAME':'USER_EMAIL'} |
auth | JSON string of {'COOKIE_NAME':'USER_AUTHORIZATION_HASH'} |
secret | JSON string of {'COOKIE_NAME':'USER_AUTHORIZATION_SECRET'} |
link | JSON string of {'COOKIE_NAME':'USER_DB_UNQ_ID'} |
pic | JSON string of {'COOKIE_NAME':'USER_PICTURE_PATH'} |
name | JSON string of {'COOKIE_NAME':'USER_FIRST_NAME'} |
full_name | JSON string of {'COOKIE_NAME':'USER_FULL_NAME'} |
js | A JavaScript function to evaluate using js-cookie to set the cookies in-browser. |
ip_given | The IP from which these cookies are valid. Changing IP addresses will invalidate the cookies. |
raw_auth | The data from response.auth |
raw_secret | The data from response.secret |
raw_uid | The data from response.link |
expires | The expires parameter on the cookies. |
Aside: TOTP
Important Note: If your user is configured to use Two-Factor authentication, you'll receive a response like:

    {
      "status": false,
      "user": "foo@bar.com",
      "encrypted_hash": "jU+3Yson68O6vluIAStEnBFOX87xT0dmnYLauKs+jM8=",
      "encrypted_secret": "jU+3Yson68O6vluIAStEnBFOX87xT0dmnYLauKs+jM8=",
      "encrypted_password": "%2BaHg3NELhMcD%2FKUXrjAnXPu8xA4evKS0Ew8%2F%2Bv9Nxtk%3D",
      "human_error": "Please enter the code generated by the authenticator application on your device for foo@bar.com.",
      "error": false,
      "totp": true
    }

You can test for this by checking:

    # CoffeeScript
    $.post endpointUrl, args, "json"
    .done (response) ->
      if response.status is false and response.totp is true
        # We need to handle the user's TOTP

When you reply again, send:
Parameter | Value |
---|---|
action | login |
username | The email of the user |
password | The previous response's response.encrypted_password value |
totp | The TOTP value |

Only once you've done that will you get a response like the one described under "Response" above.
Sending API tokens
Assuming you're accessing the return in JavaScript and have named the variable response:
Parameter | Value Meaning | Key from Acquired Tokens |
---|---|---|
hash | Verification value of user secret and server secret | response.raw_auth |
secret | One of two parts of a secret session identifier | response.raw_secret |
dblink | Unique server ID for user; UserID equivalent | response.raw_uid |
For any authenticated/pseudoauthenticated request, these parameters can be sent as extra parameters to validate a login session. The cookie key pairs may also be sent in the header of the POST, rather than these raw cookie values.
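
The login, TOTP and token-sending steps above, as an added JavaScript example (not part of the original documentation or the project's own code). The function names, the getTotpCode prompt callback and the sample responses are assumptions made for illustration; it reads the raw_* values directly and does not evaluate the js field.

```javascript
// Added example; helper names are illustrative, not the project's API.
const ENDPOINT = "https://amphibiandisease.org/api.php";

// Classify a login response: "ok", "totp" (second factor required) or "failed".
function loginState(response) {
  if (response.status === true) return "ok";
  if (response.status === false && response.totp === true) return "totp";
  return "failed";
}

// Build the follow-up request: password carries the previous response's
// encrypted_password, and totp carries the authenticator code.
function totpRequest(username, response, code) {
  return { action: "login", username, password: response.encrypted_password, totp: code };
}

// Map acquired tokens onto the parameters sent with authenticated requests.
function authParams(response) {
  return { hash: response.raw_auth, secret: response.raw_secret, dblink: response.raw_uid };
}

// POST form-encoded parameters and decode the JSON reply.
async function post(params) {
  const reply = await fetch(ENDPOINT, { method: "POST", body: new URLSearchParams(params) });
  return reply.json();
}

// Full flow. getTotpCode is a caller-supplied async prompt (assumption);
// send is injectable so the flow can be exercised without the network.
async function login(username, password, getTotpCode, send = post) {
  let response = await send({ action: "login", username, password });
  if (loginState(response) === "totp") {
    const code = await getTotpCode(response.human_error);
    response = await send(totpRequest(username, response, code));
  }
  if (loginState(response) !== "ok") throw new Error(response.human_error || "login failed");
  return authParams(response);
}

// Constructed sample responses (not real server output).
const sampleTotpChallenge = { status: false, totp: true, user: "foo@bar.com",
  encrypted_password: "CONSTRUCTED-ENCRYPTED-PASSWORD", human_error: "Please enter the code." };
const sampleTokens = { status: true, raw_auth: "CONSTRUCTED-HASH",
  raw_secret: "CONSTRUCTED-SECRET", raw_uid: "CONSTRUCTED-UID" };
```

Spread the object returned by login() into the parameters of any later authenticated request; because the tokens are tied to ip_given, repeat the login if the client's IP address changes.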