Main API docs

API Authentication

Other APIs

API Authentication

These parameters are optional for unauthenticated API access (in some cases, you may get additional results here), and mandatory for authenticated API access.

Acquiring API tokens

If you don't already have a set of identifier tokens, you will need to acquire them.

API target: https://amphibiandisease.org/api.php Method: POST

Parameters:

Parameter	Value
`action`	`login`
`username`	The email of the user
`password`	The password of the user

Response:

Please note that a "JSON string" is not an object, below. It is instead a string representing JSON that will have to be json_decode()d (PHP) or JSON.parse()d (JavaScript).

Key	Detail
`status`	`true` or `false` (boolean)
`user`	JSON string of `{'COOKIE_NAME':'USER_EMAIL'}`
`auth`	JSON string of `{'COOKIE_NAME':'USER_AUTHORIZATION_HASH'}`.
`secret`	JSON string of `{'COOKIE_NAME':'USER_AUTHORIZATION_SECRET'}`.
`link`	JSON string of `{'COOKIE_NAME':'USER_DB_UNQ_ID'}`.
`pic`	JSON string of `{'COOKIE_NAME':'USER_PICTURE_PATH'}`.
`name`	JSON string of `{'COOKIE_NAME':'USER_FIRST_NAME'}`.
`full_name`	JSON string of `{'COOKIE_NAME':'USER_FULL_NAME'}`.
`js`	A JavaScript function to evaluate using js-cookie to set the cookies in-browser.
`ip_given`	The IP from which these cookies are valid. Changing IP addresses will invalidate the cookies.
`raw_auth`	The data from `response.auth`
`raw_secret`	The data from `response.secret`
`raw_uid`	The data from `response.link`
`expires`	The expires parameter on the cookies.

Aside: TOTP

Important Note: If your user is configured to use Two-Factor authentication, you'll recieve a response like:

{
  "status": false,
  "user": "foo@bar.com",
  "encrypted_hash": "jU+3Yson68O6vluIAStEnBFOX87xT0dmnYLauKs+jM8=",
  "encrypted_secret": "jU+3Yson68O6vluIAStEnBFOX87xT0dmnYLauKs+jM8=",
  "encrypted_password": "%2BaHg3NELhMcD%2FKUXrjAnXPu8xA4evKS0Ew8%2F%2Bv9Nxtk%3D",
  "human_error": "Please enter the code generated by the authenticator application on your device for foo@bar.com.",
  "error": false,
  "totp": true
}

Which you can test for by checking

# CoffeeScript
$.post endpointUrl, args, "json"
.done (response) ->
  if response.status is false and response.totp is true
    # We need to handle the user's TOTP

When you re-reply, send

Parameter	Value
`action`	`login`
`username`	The email of the user
`password`	The previous response's `response.encrypted_password` value
`totp`	The TOTP value

Only once you've done that, will you get a response as above.

Sending API tokens

Assuming you're accessing the return in JavaScript and have named the variable response:

Parameter	Value Meaning	Key from Acquired Tokens
`hash`	Verification value of user secret and server secret	`response.raw_auth`
`secret`	One of two parts of a secret session identiifer	`response.raw_secret`
`dblink`	Unique server ID for user; UserID equivalent	`response.raw_uid`

For any authenticated/psuedoauthenticated request, these parameters can be sent as extra parameters to validate a login session. The cookie key pairs may also be sent in the header of the POST, rather than these raw cookie values.