The Opentact API will require an API Key to authenticate requests.
All API requests are required to be made over HTTPS, HTTP requests will return back a 302 response - permanent redirection.
There are 5 methods to pass authentication to the API.
For accessing the API a valid email and password must be passed in the 'Authorization' header.
The following syntax must be used in the header
'Authorization: Basic base64(email:password)
A valid token is base64 encoded value of 'email:password'
The following syntax must be used in the headers:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=v
Security Scheme Type
HTTP Authorization Scheme
HTTPS
Basic
For accessing the API a valid JWT token must be passed to the query:
inX-Auth-Token header
as jwt query param
A valid token is generated by the API and returned as a response of
a call to the route: /rest/auth giving a valid email & password.
The following syntax must be used in the headers:
X-Auth-Token: xxxxxx.yyyyyyy.zzzzzz
Header Parameter Name
Security Scheme Type
X-Auth-Token
API Key
For accessing the API a valid Google token must be passed to the query:
inX-Auth-Google-Token header
as google_token query param
A valid token is generated by the Google auth API and returned as a response from the Google Sign-In library.
The following syntax must be used in the headers:
X-Auth-Google-Token: xxxxxx.yyyyyyy.zzzzzz
For accessing the API a valid Facebook token must be passed to the query:
inX-Auth-Facebook-Token header
as facebook_token query param
A valid token is generated by the Facebook auth API and returned as a response
of the Facebook Sign-In library.
The following syntax must be used in the headers:
X-Auth-Facebook-Token: xxxxxx.yyyyyyy.zzzzzz
For accessing the API a valid HA1B token must be passed to the query:
inX-Auth-HA1B-Token header
as ha1b query param
A valid ha1b token is md5(<login>@<domain>:<domain>:<password>).
The following syntax must be used in the headers:
X-Auth-HA1B-Token: xxxxxxyyyyyyyyzzzzzz
