Authentication

Most API methods require you to authenticate with the API. Currently we support OAuth2, Basic Auth and OAuth.

OAuth2

OAuth 2.0 focuses on client developer simplicity and will be the main authentication mechanism for the Poken API in the future.
To understand the mechanism and the flows a client should support, please check OAuth2 flows.

Basic Auth

Basic Auth sends user credentials in the header of the HTTP request. This makes it easy to use, but insecure and difficult to track. It is also necessary to augment each API request with additional query parameters which identify the application making the call. The parameters “applicationId” and “applicationSecret” should be sent as query parameters to the API with every call made using Basic Auth. For example:

https://api.poken.com/rest081/account/profile?applicationId=myApplicationId&applicationSecret=myAppSecret
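The request described above, sketched as an added example (not Poken's own client code): it builds the Basic Auth header and the two application query parameters, and produces a copy with the secret and credentials masked so the URL can be written to logs. The function names, the HTTPS check, the redaction helper and the sample credentials are assumptions made for illustration.

```python
import base64
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

SENSITIVE_PARAMS = {"applicationSecret"}  # query parameter named on this page


def build_basic_auth_request(url, username, password, application_id, application_secret):
    """Return (full_url, headers) for a Basic Auth call as described above."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # User credentials and the application secret travel with every request.
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("applicationId", application_id), ("applicationSecret", application_secret)]
    full_url = urlunsplit(parts._replace(query=urlencode(query)))
    # HTTP Basic: base64 of "username:password" in the Authorization header.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return full_url, {"Authorization": f"Basic {token}"}


def redact_for_logging(url, headers):
    """Return a copy of (url, headers) that is safe to write to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    safe_headers = {k: ("REDACTED" if k.lower() == "authorization" else v)
                    for k, v in headers.items()}
    return urlunsplit(parts._replace(query=urlencode(query))), safe_headers


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, headers = build_basic_auth_request(
        "https://api.poken.com/rest081/account/profile",
        "alice", "pw", "myApplicationId", "myAppSecret")
    print(redact_for_logging(url, headers))
```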

OAuth

OAuth is a token-passing mechanism that allows users to control which applications have access to their data without giving away their passwords. More information on the OAuth specification can be found at oauth.net or in the excellent Beginner’s Guide to OAuth.

The following information is required to implement an OAuth consumer.

Get Request Token

Description

URL

  • https://api.poken.com/oauth_v1/GetRequestToken

Parameters

Authorize

Description

  • Allows a Consumer application to use an OAuth Request Token to request user authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication flow. Desktop applications must use this method (and cannot use oauth/authenticate).

URL

  • https://api.poken.com/oauth_v1/AuthorizeToken

Parameters

Get Access Token

Description

URL

  • https://api.poken.com/oauth_v1/GetAccessToken

Parameters