API authentication¶
Internal API endpoints require user authentication (user need to have ROLE_INTERNAL_API
role assigned).
Authentication data (token) must be attached to every request with Authorization
header or auth_token
query
parameter.
Get authentication token for registered user¶
To get authentication token you need to call /api/v1/auth
with your username
and password
- in response you will
get your user information’s and token data.
Example:
1 | curl 'http://publisher.dev/api/v1/auth' -d 'auth%5Busername%5D=username&auth%5Bpassword%5D=password' --compressed
|
Note
Publisher token will be valid for 48 hours
Get authentication token for superdesk user¶
To get authentication token you need to call /api/v1/auth/superdesk
with superdesk legged in user
session_id
and token
- in response you will get your user information’s and token data.
Example:
1 | curl 'http://publisher.dev/api/v1/auth/superdesk' -d 'auth_superdesk%5Bsession_id%5D=5831599634d0c100405d84c7&auth_superdesk%5Btoken%5D=Basic YTRmMWMzMTItODlkNS00MzQzLTkzYjctZWMyMmM5ZGMzYWEwOg==' --compressed
|
Publisher in background will ask authorized superdesk server for user session (and user data). If Superdesk will confirm session information then Publisher will get internal user (or create one if not exists) and create token for him.
Note
Publisher token will be this same as the one from superdesk (provided in /api/v1/auth/superdesk
request).
Generate Authentication URL for Livesite Editor¶
You can create with API special authentication URL for tenant website. To do that you need to call /api/v1/livesite/auth/livesite_editor
as authorized user (with token in request header or url).
1 | curl 'http://publisher.dev/api/v1/livesite/auth/livesite_editor' -H 'Authorization: d6O3UorCHZ2Pd8PRs/0aXGg1qnT0bKUPWW43dgKqYm3CI4U4Og==' --compressed
|
In response you will get JSON with Your token details and special URL which can be used for authentication and Livesite Editor activation.
After following that url you will be redirected to tenant homepage. Meantime special cookie with name activate_livesite_editor
will be set.
This cookie will have API token set as it’s value. It would best if you will set token value in browser local storage and
remove cookie (so it will not be send to server with every request).