Difference between revisions of "stoney core: Authentication Resource - REST API"
From stoney cloud
Latest revision as of 12:43, 1 May 2014
Also visit stoney core: Authentication Resource Mapping (REST - LDAP).
Auth action
To give a client the possibility of verifying a username and password, a pseudo-resource is provided; the only method implemented is GET.
Auth retrieval (GET)
Auth retrieval (GET) example
To verify the authentication, the client sends an HTTP GET request to the auth resource URI https://api.example.com/v1/auth.
The service responds with a HTTP status code:
- 200 (OK) on success
- 401 (Unauthorized) on authentication failure
- 429 (Too Many Requests)
The service must never return 403 (Forbidden) or any other status that distinguishes a wrong password from a non-existent user, so that an attacker cannot use the response to figure out which users exist and which do not.
Request:
GET /v1/auth/ HTTP/1.1
Host: api.example.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
Answer:
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
{
  "id": 4000123,
  "user": "user@example.com",
  "location": "https://api.example.com/v1/people/4000123"
}
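An added server-side sketch in Python of the behaviour described above (example code, not stoney core's own implementation): it parses the Basic credentials, checks them against a constructed user store, returns an identical 401 for an unknown user and for a wrong password, and returns 429 once a per-client failure threshold is reached. The salt, the user store, MAX_FAILURES and the in-memory failure counter are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Constructed user store for this example, keyed by login name. Password hashes are
# PBKDF2-SHA256; the salt is fixed here only to keep the example deterministic.
SALT = b"example-salt-not-for-production"
BASE_URL = "https://api.example.com/v1"
MAX_FAILURES = 5          # assumed per-client threshold after which 429 is returned
failures = {}             # failed attempts per client address (in-memory, example only)

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 10_000)

USERS = {"user@example.com": {"id": 4000123, "pw_hash": _hash("open sesame")}}
DUMMY_HASH = _hash("no-such-user")   # compared against when the user does not exist

def basic_header(user, password):
    """Build the Authorization header value a client sends."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")

def parse_basic(header):
    """Return (user, password) from a Basic Authorization header, or None if malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle_auth(authorization, client_ip):
    """Handle GET /v1/auth; return (HTTP status, JSON body or None)."""
    if failures.get(client_ip, 0) >= MAX_FAILURES:
        return 429, None
    creds = parse_basic(authorization)
    record = USERS.get(creds[0]) if creds else None
    # Hash and compare on every request, even for unknown users, so response time
    # does not reveal whether the login name exists.
    expected = record["pw_hash"] if record else DUMMY_HASH
    supplied = _hash(creds[1]) if creds else DUMMY_HASH
    if record is None or not hmac.compare_digest(supplied, expected):
        failures[client_ip] = failures.get(client_ip, 0) + 1
        return 401, None      # identical answer for unknown user and wrong password: never 403
    failures.pop(client_ip, None)
    return 200, {"id": record["id"], "user": creds[0],
                 "location": f"{BASE_URL}/people/{record['id']}"}
```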