Most API methods require the caller to authenticate with the API. Currently we support OAuth2, Basic Auth and OAuth.
OAuth 2.0 focuses on client developer simplicity and will be the main authentication mechanism for the Poken API in the future.
To understand the mechanism and the flows a client should support, please check OAuth2 flows.
Basic Auth sends user credentials in the header of the HTTP request. This makes it easy to use, but insecure and difficult to track. It is also necessary to augment each API request with additional query parameters which identify the application making the call. The parameters “applicationId” and “applicationSecret” should be sent as query parameters to the API with every call made using Basic Auth. For example
OAuth is a token-passing mechanism that allows users to control which applications have access to their data without giving away their passwords. More information on the OAuth specification can be found at oauth.net or in the excellent Beginner’s Guide to OAuth.
The following is the necessary information required to implement an OAuth consumer.
Get Request Token
- Allows a Consumer application to obtain an OAuth Request Token to request user authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication flow.
- Allows a Consumer application to use an OAuth Request Token to request user authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication flow. Desktop applications must use this method (and cannot use oauth/authenticate).
Get Access Token
- Allows a Consumer application to exchange the OAuth Request Token for an OAuth Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.