Authorization

1 Token-Based Authorization

After service activation the user receives a login and password for authorization and can work with the API.

URL

Method: POST

URL query: /api/authorization/hash

Headers

Content-Type: application/x-www-form-urlencoded

REQUEST

JSON Body

email (mandatory) String - user login

password (mandatory) String - user password on the EDIN 2.0 platform

Request example:

email=EDSsender&password=12345

RESPONSE

The response body (JSON format) carries the “session key” required for all further work. Every subsequent request (method call) must include the HTTP header “Authorization”, which must contain the “SID” token with the value obtained during authorization for the request to execute correctly.

Response example (JSON):

{"SID": "65daca25-74ba-4c85-8183-71b404a348c0"}

Hint

An idle session lasts 20 minutes: the key is deleted after 20 minutes if the user is not active (sends no HTTP requests).


2 HTTP Basic Authentication

Alternatively, instead of the “SID” value, the login and password can be sent to the server in the HTTP header “Authorization” using basic authentication (HTTP Basic Authentication). With basic authentication, the client sends the login and password to the server with each request. This data is sent in the “Authorization” request header, base64-encoded:

Authorization: Basic base64_encode(login:password)

For example, if the login and password are admin, the header will look like:

Authorization: Basic YWRtaW46YWRtaW4=
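
The two schemes above, sketched from the client side as an added example (not code from the EDIN documentation): it form-encodes the login request, extracts the “SID”, tracks the 20-minute idle window locally, and shows that a Basic header decodes straight back to the credentials, which is why both schemes depend on TLS for confidentiality. The helper names, the UUID check on the SID (inferred only from the sample response) and the client-side idle timer are assumptions; the server's own timer is authoritative.

```python
import base64
import json
import time
import uuid
from urllib.parse import urlencode

IDLE_LIMIT = 20 * 60  # seconds; idle session lifetime stated on the page

def login_body(email, password):
    """Form-encode credentials for POST /api/authorization/hash.
    urlencode() escapes '&', '=' and '@' so they cannot split or corrupt a field."""
    return urlencode({"email": email, "password": password})

def parse_sid(response_text):
    """Extract "SID" from the JSON response.
    Assumption: the SID is always UUID-shaped, as in the page's sample."""
    sid = json.loads(response_text)["SID"]
    return str(uuid.UUID(sid))

def basic_header(login, password):
    """Authorization value for HTTP Basic: base64 of "login:password"."""
    raw = f"{login}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic(header):
    """Recover (login, password): base64 is an encoding, not encryption."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    return tuple(raw.split(":", 1))

class SidSession:
    """Hypothetical helper: mirrors the idle window so the client knows
    when to log in again instead of sending a deleted key."""
    def __init__(self, sid, clock=time.monotonic):
        self._sid, self._clock = sid, clock
        self._last_used = clock()

    def sid(self):
        """Return the SID and restart the idle timer, or None once idled out."""
        now = self._clock()
        if now - self._last_used >= IDLE_LIMIT:
            return None  # server has deleted the key; re-authenticate
        self._last_used = now
        return self._sid
```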